Another change to Debian startup at boot

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.cli

@@ -457,7 +457,9 @@ sort_routes() {
 }
 
 #
-# Isolate the table in the routing rules being read from stdin
+# Isolate the table in the routing rules being read from stdin.
+# Piping through sed to remove trailing whitespace works around
+# recent 'features' in dash and ip.
 #
 find_tables() {
     sed -r 's/[[:space:]]+$//' | while read rule; do

Shorewall-core/shorewallrc.debian

@@ -9,7 +9,7 @@ LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
 PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
 CONFDIR=/etc                            #Directory where subsystem configurations are installed
 SBINDIR=/sbin                           #Directory where system administration programs are installed
-MANDIR=${PREFIX}/man                    #Directory where manpages are installed.
+MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
 INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.debian.sh               #Name of the distributed file to be installed as the SysV init script

Shorewall-core/shorewallrc.slackware

@@ -11,9 +11,9 @@ CONFDIR=/etc                               #Directory where subsystem configurat
 SBINDIR=/sbin                              #Directory where system administration programs are installed
 MANDIR=${PREFIX}/man                       #Directory where manpages are installed.
 INITDIR=/etc/rc.d                          #Directory where SysV init scripts are installed.
-INITSOURCE=init.slackware.firewall         #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.slackware.firewall.sh      #Name of the distributed file to be installed as the SysV init script
 INITFILE=rc.firewall                       #Name of the product's installed SysV init script
-AUXINITSOURCE=init.slackware.$PRODUCT      #Name of the distributed file to be installed as a second SysV init script
+AUXINITSOURCE=init.slackware.$PRODUCT.sh   #Name of the distributed file to be installed as a second SysV init script
 AUXINITFILE=rc.$PRODUCT                    #Name of the product's installed second init script
 SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR

Shorewall-lite/install.sh

@@ -496,6 +496,7 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
 	echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
+	update-rc.d $PRODUCT enable defaults
     elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable $PRODUCT; then
 	    echo "$Product will start automatically at boot"

Shorewall/Macros/macro.Amanda

@@ -11,6 +11,7 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	10080
+PARAM	-	-	tcp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
 # it should not be necessary to use this.  The ip_conntrack_amanda

Shorewall/Perl/Shorewall/Chains.pm

@@ -3969,7 +3969,7 @@ sub do_ratelimit( $$ ) {
 	if ( $rate =~ /^[sd]:((\w*):)?((\d+)(\/(sec|min|hour|day))?):(\d+)$/ ) {
 	    fatal_error "Invalid Rate ($3)" unless $4;
 	    fatal_error "Invalid Burst ($7)" unless $7;
-	    $limit .= "--hashlimit $3 --hashlimit-burst $7 --hashlimit-name ";
+	    $limit .= "--$match $3 --hashlimit-burst $7 --hashlimit-name ";
 	    $limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
 	    $limit .= ' --hashlimit-mode ';
 	    $units = $6;

Shorewall/Perl/Shorewall/Tc.pm

@@ -1959,13 +1959,13 @@ sub setup_tc() {
     if ( $config{TC_ENABLED} ) {
 	our  @tccmd = ( { match     => sub ( $ ) { $_[0] eq 'SAVE' } ,
 			  target    => 'CONNMARK --save-mark --mask' ,
-			  mark      => SMALLMARK ,
+			  mark      => $config{TC_EXPERT} ? HIGHMARK : SMALLMARK,
 			  mask      => in_hex( $globals{TC_MASK} ) ,
 			  connmark  => 1
 			} ,
 			{ match     => sub ( $ ) { $_[0] eq 'RESTORE' },
 			  target    => 'CONNMARK --restore-mark --mask' ,
-			  mark      => SMALLMARK ,
+			  mark      => $config{TC_EXPERT} ? HIGHMARK : SMALLMARK ,
 			  mask      => in_hex( $globals{TC_MASK} ) ,
 			  connmark  => 1
 			} ,

Shorewall/Perl/prog.footer

@@ -235,8 +235,8 @@ case "$COMMAND" in
 	    status=2
 	elif checkkernelversion; then
 	    if [ $# -eq 1 ]; then
-		$IP6TABLES -Z
-		$IP6TABLES -t mangle -Z
+		$g_tool -Z
+		$g_tool -t mangle -Z
 		date > ${VARDIR}/restarted
 		status=0
 		progress_message3 "$g_product Counters Reset"
@@ -245,7 +245,7 @@ case "$COMMAND" in
 		status=0
 		for chain in $@; do
 		    if chain_exists $chain; then
-			if qt $IP6TABLES -Z $chain; then
+			if qt $g_tool-Z $chain; then
 			    progress_message3 "Filter $chain Counters Reset"
 			else
 			    error_message "ERROR: Reset of chain $chain failed"

Shorewall/install.sh

@@ -248,7 +248,7 @@ OWNERSHIP="-o $OWNER -g $GROUP"
 # Determine where to install the firewall script
 #
 
-if [ $PRODUCT = shorewall -a -z "${DESTDIR}" ]; then
+if [ $PRODUCT = shorewall -a "$BUILD" = "$HOST" ]; then
     #
     # Fix up 'use Digest::' if SHA is installed
     #
@@ -259,7 +259,7 @@ if [ $PRODUCT = shorewall -a -z "${DESTDIR}" ]; then
     # Verify that Perl is installed
     #
     if ! perl -c Perl/compiler.pl; then
-	echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the $Product Perl code" >&2
+	echo "ERROR: $Product $VERSION requires Perl which either is not installed or is not able to compile the Shorewall Perl code" >&2
 	echo "       Try perl -c $PWD/Perl/compiler.pl" >&2
 	exit 1
     fi
@@ -333,14 +333,18 @@ echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
-    install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
-    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
-  
-    if [ -n "${AUXINITSOURCE}" ]; then
+    if [ -f "$INITSOURCE" ]; then
 	install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
+	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE"
+    fi
+
+    if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
+	install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+	[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
+	echo  "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
     fi
 
-    echo  "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 
 #
@@ -1072,13 +1076,13 @@ cd manpages
 [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
 
 for f in *.5; do
-    gzip -c $f > $f.gz
+    gzip -9c $f > $f.gz
     run_install $INSTALLD  -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz
     echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz"
 done
 
 for f in *.8; do
-    gzip -c $f > $f.gz
+    gzip -9c $f > $f.gz
     run_install $INSTALLD  -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz
     echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
 done
@@ -1108,6 +1112,7 @@ if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
 	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	update-rc.d $PRODUCT enable
     elif [ -n "$SYSTEMD" ]; then
 	if systemctl enable $PRODUCT; then
 	    echo "$Product will start automatically at boot"

Shorewall/manpages/shorewall-tcrules.xml

@@ -569,7 +569,7 @@ Normal-Service       =&gt; 0x00</programlisting>
                   <term>T</term>
 
                   <listitem>
-                    <para>POSTROUTING chain (default).</para>
+                    <para>POSTROUTING chain.</para>
                   </listitem>
                 </varlistentry>
               </variablelist>

Shorewall6/manpages/shorewall6-tcrules.xml

@@ -416,7 +416,7 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
                   <term>T</term>
 
                   <listitem>
-                    <para>POSTROUTING chain (default).</para>
+                    <para>POSTROUTING chain.</para>
                   </listitem>
                 </varlistentry>
               </variablelist>