authorMicah Anderson <micah@riseup.net>2017-06-23 10:50:25 -0400
committerMicah Anderson <micah@riseup.net>2017-06-23 10:50:25 -0400
commit65c3fe2d6084a50e5b0e189d982afe4cbde3f14b (patch)
treee3c1c3683407ba493b90e28af2ddf6ecbe766873 /files
parente0248f504ada8efb5184f43cbaf61097ce1ddd65 (diff)
parent837fd3f29f09727d5a20514d7549837b8d8b4997 (diff)
Merge branch 'master' into puppet4
Diffstat (limited to 'files')
-rw-r--r--files/boilerplate/blacklist.header10
-rw-r--r--files/boilerplate/clear.header9
-rw-r--r--files/boilerplate/hosts.header7
-rw-r--r--files/boilerplate/init.header9
-rw-r--r--files/boilerplate/initdone.header12
-rw-r--r--files/boilerplate/interfaces.header8
-rw-r--r--files/boilerplate/mangle.header15
-rw-r--r--files/boilerplate/masq.header9
-rw-r--r--files/boilerplate/nat.header4
-rw-r--r--files/boilerplate/params.header28
-rw-r--r--files/boilerplate/policy.header5
-rw-r--r--files/boilerplate/providers.header2
-rw-r--r--files/boilerplate/proxyarp.header4
-rw-r--r--files/boilerplate/rtrules.header5
-rw-r--r--files/boilerplate/rules.header11
-rw-r--r--files/boilerplate/start.header8
-rw-r--r--files/boilerplate/started.header22
-rw-r--r--files/boilerplate/stop.header9
-rw-r--r--files/boilerplate/stopped.header9
-rw-r--r--files/boilerplate/stoppedrules.footer (renamed from files/boilerplate/blacklist.footer)0
-rw-r--r--files/boilerplate/stoppedrules.header13
-rw-r--r--files/boilerplate/tcclasses.header4
-rw-r--r--files/boilerplate/tcdevices.header5
-rw-r--r--files/boilerplate/tunnels.header5
-rw-r--r--files/boilerplate/zones.header8
25 files changed, 107 insertions, 114 deletions
diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header
deleted file mode 100644
index 2392e17..0000000
--- a/files/boilerplate/blacklist.header
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET PROTOCOL PORT
diff --git a/files/boilerplate/clear.header b/files/boilerplate/clear.header
index 6a39b0b..8bf025c 100644
--- a/files/boilerplate/clear.header
+++ b/files/boilerplate/clear.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Clear
+# Shorewall -- /etc/shorewall/clear
#
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed after Shorewall has
+# processed the 'clear' command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/hosts.header b/files/boilerplate/hosts.header
index e39d614..99bfa02 100644
--- a/files/boilerplate/hosts.header
+++ b/files/boilerplate/hosts.header
@@ -1,9 +1,10 @@
#
-# Shorewall version 3.4 - Hosts file
+# Shorewall -- /etc/shorewall/hosts
#
# For information about entries in this file, type "man shorewall-hosts"
#
-# For additional information, see http://shorewall.net/Documentation.htm#Hosts
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-hosts.html
#
###############################################################################
-#ZONE HOST(S) OPTIONS
+#ZONE HOSTS OPTIONS
diff --git a/files/boilerplate/init.header b/files/boilerplate/init.header
index cbb0393..417c3f2 100644
--- a/files/boilerplate/init.header
+++ b/files/boilerplate/init.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Init File
+# Shorewall -- /etc/shorewall/init
#
-# /etc/shorewall/init
-#
-# Add commands below that you want to be executed at the beginning of
-# a "shorewall start" or "shorewall restart" command.
+# Add commands below that you want to be executed at the beginning of
+# a "shorewall start", "shorewall-reload" or "shorewall restart" command.
#
# For additional information, see
# http://shorewall.net/shorewall_extension_scripts.htm
#
###############################################################################
-
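Review bot: The new comment line writes `"shorewall-reload"` with a hyphen, which reads as the name of a separate program rather than the reload command. initdone.header in this same commit writes `"shorewall reload"`. Suggest `# a "shorewall start", "shorewall reload" or "shorewall restart" command.` so the two headers agree.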
diff --git a/files/boilerplate/initdone.header b/files/boilerplate/initdone.header
index 9252a3b..5ad859a 100644
--- a/files/boilerplate/initdone.header
+++ b/files/boilerplate/initdone.header
@@ -1,14 +1,12 @@
#
-# Shorewall version 4 - Initdone File
+# Shorewall -- /etc/shorewall/initdone
#
-# /etc/shorewall/initdone
-#
-# Add commands below that you want to be executed during
-# "shorewall start" or "shorewall restart" commands at the point where
-# Shorewall has not yet added any perminent rules to the builtin chains.
+# Add commands below that you want to be executed during
+# "shorewall start", "shorewall reload" or "shorewall restart" commands
+# at the point where Shorewall has not yet added any permanent rules to
+# the builtin chains.
#
# For additional information, see
# http://shorewall.net/shorewall_extension_scripts.htm
#
###############################################################################
-
diff --git a/files/boilerplate/interfaces.header b/files/boilerplate/interfaces.header
index 663e436..12855c7 100644
--- a/files/boilerplate/interfaces.header
+++ b/files/boilerplate/interfaces.header
@@ -1,10 +1,12 @@
#
-# Shorewall version 4 - Interfaces File
+# Shorewall -- /etc/shorewall/interfaces
#
# For information about entries in this file, type "man shorewall-interfaces"
#
-# For additional information, see
+# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
+# FIXME: need to switch to format 2
+#?FORMAT 2
###############################################################################
-#ZONE INTERFACE BROADCAST OPTIONS
+#ZONE INTERFACE OPTIONS
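Review bot: The new column header documents the format-2 layout (`#ZONE INTERFACE OPTIONS`), but the directive above it is still commented out as `#?FORMAT 2`, so Shorewall keeps parsing entries under this header in format 1, where the third column is BROADCAST. An entry written to match the new header would put its options list in the broadcast position, which would most likely fail at compile time or leave interface options such as `routefilter` unapplied. Either keep `BROADCAST` in the header until the FIXME is resolved, or enable `?FORMAT 2` in the same change as the templates that emit the entries. Those templates are not part of this diff, so confirm which layout they produce. The example in params.header in this commit still passes `$NET_BCAST` as a third column, which points to format 1.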
diff --git a/files/boilerplate/mangle.header b/files/boilerplate/mangle.header
index 7a7b12a..496e3f5 100644
--- a/files/boilerplate/mangle.header
+++ b/files/boilerplate/mangle.header
@@ -1,7 +1,14 @@
#
-# Shorewall - Mangle File
+# Shorewall -- /etc/shorewall/mangle
#
-# For additional information, see http://shorewall.net/manpages/shorewall-mangle.html
+# For information about entries in this file, type "man shorewall-mangle"
#
-#######################################################################################
-#ACTION SOURCE DESTINATION PROTO DSTPORT SRCPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS
+# See http://shorewall.net/traffic_shaping.htm for additional information.
+# For usage in selecting among multiple ISPs, see
+# http://shorewall.net/MultiISP.html
+#
+# See http://shorewall.net/PacketMarking.html for a detailed description of
+# the Netfilter/Shorewall packet marking mechanism.
+#
+##############################################################################################################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP SWITCH
diff --git a/files/boilerplate/masq.header b/files/boilerplate/masq.header
index f823321..2f7c22e 100644
--- a/files/boilerplate/masq.header
+++ b/files/boilerplate/masq.header
@@ -1,9 +1,10 @@
#
-# Shorewall version 3.4 - Masq file
+# Shorewall -- /etc/shorewall/masq
#
# For information about entries in this file, type "man shorewall-masq"
#
-# For additional information, see http://shorewall.net/Documentation.htm#Masq
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-masq.html
#
-###############################################################################
-#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
+###################################################################################################################################
+#INTERFACE SOURCE ADDRESS PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
diff --git a/files/boilerplate/nat.header b/files/boilerplate/nat.header
index c2e0d92..5d0871f 100644
--- a/files/boilerplate/nat.header
+++ b/files/boilerplate/nat.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 3.4 - Nat File
+# Shorewall -- /etc/shorewall/nat
#
# For information about entries in this file, type "man shorewall-nat"
#
# For additional information, see http://shorewall.net/NAT.htm
#
###############################################################################
-#EXTERNAL INTERFACE INTERNAL ALL LOCAL
+#EXTERNAL INTERFACE INTERNAL ALLINTS LOCAL
diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header
index b258b0d..f07a916 100644
--- a/files/boilerplate/params.header
+++ b/files/boilerplate/params.header
@@ -1,26 +1,24 @@
#
-# Shorewall version 3.4 - Params File
+# Shorewall -- /etc/shorewall/params
#
-# /etc/shorewall/params
+# Assign any variables that you need here.
#
-# Assign any variables that you need here.
+# It is suggested that variable names begin with an upper case letter
+# to distinguish them from variables used internally within the
+# Shorewall programs
#
-# It is suggested that variable names begin with an upper case letter
-# to distinguish them from variables used internally within the
-# Shorewall programs
+# Example:
#
-# Example:
+# NET_IF=eth0
+# NET_BCAST=130.252.100.255
+# NET_OPTIONS=routefilter
#
-# NET_IF=eth0
-# NET_BCAST=130.252.100.255
-# NET_OPTIONS=routefilter,norfc1918
+# Example (/etc/shorewall/interfaces record):
#
-# Example (/etc/shorewall/interfaces record):
+# net $NET_IF $NET_BCAST $NET_OPTIONS
#
-# net $NET_IF $NET_BCAST $NET_OPTIONS
+# The result will be the same as if the record had been written
#
-# The result will be the same as if the record had been written
-#
-# net eth0 130.252.100.255 routefilter,norfc1918
+# net eth0 130.252.100.255 routefilter
#
###############################################################################
diff --git a/files/boilerplate/policy.header b/files/boilerplate/policy.header
index cc9781f..8e9d032 100644
--- a/files/boilerplate/policy.header
+++ b/files/boilerplate/policy.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Policy File
+# Shorewall -- /etc/shorewall/policy
#
# For information about entries in this file, type "man shorewall-policy"
#
@@ -7,5 +7,4 @@
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
-#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
-# LEVEL BURST MASK
+#SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT
diff --git a/files/boilerplate/providers.header b/files/boilerplate/providers.header
index b4a5990..0dfb950 100644
--- a/files/boilerplate/providers.header
+++ b/files/boilerplate/providers.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Providers File
+# Shorewall -- /etc/shorewall/providers
#
# For information about entries in this file, type "man shorewall-providers"
#
diff --git a/files/boilerplate/proxyarp.header b/files/boilerplate/proxyarp.header
index 1e16853..4249e03 100644
--- a/files/boilerplate/proxyarp.header
+++ b/files/boilerplate/proxyarp.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 3.4 - Proxyarp File
+# Shorewall -- /etc/shorewall/proxyarp
#
# For information about entries in this file, type "man shorewall-proxyarp"
#
# See http://shorewall.net/ProxyARP.htm for additional information.
#
###############################################################################
-#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
+#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
diff --git a/files/boilerplate/rtrules.header b/files/boilerplate/rtrules.header
index fd9b2f4..7700816 100644
--- a/files/boilerplate/rtrules.header
+++ b/files/boilerplate/rtrules.header
@@ -1,8 +1,9 @@
#
-# Shorewall version 4 - route rules File
+# Shorewall -- /etc/shorewall/rtrules
#
# For information about entries in this file, type "man shorewall-rtrules"
#
# For additional information, see http://www.shorewall.net/MultiISP.html
+#
####################################################################################
-# SOURCE DEST PROVIDER PRIORITY MASK
+#SOURCE DEST PROVIDER PRIORITY MASK
diff --git a/files/boilerplate/rules.header b/files/boilerplate/rules.header
index 764358a..1ebf187 100644
--- a/files/boilerplate/rules.header
+++ b/files/boilerplate/rules.header
@@ -1,10 +1,11 @@
#
-# Shorewall version 3.4 - Rules File
+# Shorewall -- /etc/shorewall/rules
#
# For information on the settings in this file, type "man shorewall-rules"
#
-# See http://shorewall.net/Documentation.htm#Rules for additional information.
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-rules.html
#
-#############################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
-# PORT PORT(S) DEST LIMIT GROUP
+##############################################################################################################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
+
diff --git a/files/boilerplate/start.header b/files/boilerplate/start.header
index 689dff1..881cdfd 100644
--- a/files/boilerplate/start.header
+++ b/files/boilerplate/start.header
@@ -1,10 +1,8 @@
#
-# Shorewall version 4 - Start File
+# Shorewall -- /etc/shorewall/start
#
-# /etc/shorewall/start
-#
-# Add commands below that you want to be executed after shorewall has
-# been started or restarted.
+# Add commands below that you want to be executed after shorewall has
+# been started, reloaded or restarted.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header
index b7704db..4adc4b9 100644
--- a/files/boilerplate/started.header
+++ b/files/boilerplate/started.header
@@ -1,20 +1,18 @@
#
-# Shorewall version 4 - Started File
+# Shorewall -- /etc/shorewall/started
#
-# /etc/shorewall/started
+# Add commands below that you want to be executed after shorewall has
+# been completely started, reloaded or restarted. The difference between
+# this extension script and /etc/shorewall/start is that this one is
+# invoked after the 'shorewall' chain has been created (thus
+# signaling that the firewall is completely up).
#
-# Add commands below that you want to be executed after shorewall has
-# been completely started or restarted. The difference between this
-# extension script and /etc/shorewall/start is that this one is invoked
-# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
-# after the 'shorewall' chain has been created (thus signaling that the
-# firewall is completely up).
-#
-# This script should not change the firewall configuration directly but
-# may do so indirectly by running /sbin/shorewall with the 'nolock'
-# option.
+# This script should not change the firewall configuration directly but
+# may do so indirectly by running /sbin/shorewall with the 'nolock'
+# option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
+
diff --git a/files/boilerplate/stop.header b/files/boilerplate/stop.header
index 0088abe..27a993b 100644
--- a/files/boilerplate/stop.header
+++ b/files/boilerplate/stop.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Stop File
+# Shorewall -- /etc/shorewall/stop
#
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the beginning of a
+# "shorewall stop" command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/stopped.header b/files/boilerplate/stopped.header
index 438e5e0..8cc6bc6 100644
--- a/files/boilerplate/stopped.header
+++ b/files/boilerplate/stopped.header
@@ -1,13 +1,10 @@
#
-# Shorewall version 4 - Stopped File
+# Shorewall -- /etc/shorewall/stopped
#
-# /etc/shorewall/stopped
-#
-# Add commands below that you want to be executed at the completion of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the completion of a
+# "shorewall stop" command.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/stoppedrules.footer
index 5e12d1d..5e12d1d 100644
--- a/files/boilerplate/blacklist.footer
+++ b/files/boilerplate/stoppedrules.footer
diff --git a/files/boilerplate/stoppedrules.header b/files/boilerplate/stoppedrules.header
new file mode 100644
index 0000000..94f4d0c
--- /dev/null
+++ b/files/boilerplate/stoppedrules.header
@@ -0,0 +1,13 @@
+#
+# Shorewall -- /etc/shorewall/stoppedrules
+#
+# For information about entries in this file, type "man shorewall-stoppedrules"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+#
+# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
+# information.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT
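Review bot: The new header does not say when these rules are in force, which an operator needs to know before adding entries. Suggest a line after the title such as `# Rules in this file define the traffic that is accepted while Shorewall is stopped; keep them to the minimum needed for management access.` It is also worth confirming that any stopped-state entries the module already manages follow the `ACTION SOURCE DEST PROTO DPORT SPORT` layout, since the templates that write them are not visible in this diff.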
diff --git a/files/boilerplate/tcclasses.header b/files/boilerplate/tcclasses.header
index 025415b..b31b684 100644
--- a/files/boilerplate/tcclasses.header
+++ b/files/boilerplate/tcclasses.header
@@ -1,9 +1,9 @@
#
-# Shorewall version 4 - Tcclasses File
+# Shorewall -- /etc/shorewall/tcclasses
#
# For information about entries in this file, type "man shorewall-tcclasses"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
-#INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS
+#INTERFACE MARK RATE CEIL PRIO OPTIONS
diff --git a/files/boilerplate/tcdevices.header b/files/boilerplate/tcdevices.header
index fe7c3d1..226192e 100644
--- a/files/boilerplate/tcdevices.header
+++ b/files/boilerplate/tcdevices.header
@@ -1,10 +1,9 @@
#
-# Shorewall version 4 - Tcdevices File
+# Shorewall -- /etc/shorewall/tcdevices
#
# For information about entries in this file, type "man shorewall-tcdevices"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
-#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
-#INTERFACE INTERFACES
+#INTERFACE IN_BANDWITH OUT_BANDWIDTH OPTIONS REDIRECT
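Review bot: The rewritten column header keeps the misspelling `IN_BANDWITH` next to `OUT_BANDWIDTH`. It is only a comment, so nothing breaks, but the two adjacent names should be spelled consistently. Suggest `#INTERFACE IN_BANDWIDTH OUT_BANDWIDTH OPTIONS REDIRECT`.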
diff --git a/files/boilerplate/tunnels.header b/files/boilerplate/tunnels.header
index 638fd56..7bfd966 100644
--- a/files/boilerplate/tunnels.header
+++ b/files/boilerplate/tunnels.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Tunnels File
+# Shorewall -- /etc/shorewall/tunnels
#
# For information about entries in this file, type "man shorewall-tunnels"
#
@@ -7,5 +7,4 @@
# http://www.shorewall.net/manpages/shorewall-tunnels.html
#
###############################################################################
-#TYPE ZONE GATEWAY GATEWAY
-# ZONE
+#TYPE ZONE GATEWAY GATEWAY_ZONE
diff --git a/files/boilerplate/zones.header b/files/boilerplate/zones.header
index 5dada52..d4b8cbc 100644
--- a/files/boilerplate/zones.header
+++ b/files/boilerplate/zones.header
@@ -1,5 +1,5 @@
#
-# Shorewall version 4 - Zones File
+# Shorewall -- /etc/shorewall/zones
#
# For information about this file, type "man shorewall-zones"
#
@@ -7,6 +7,6 @@
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
-#ZONE TYPE OPTIONS IN OUT
-# OPTIONS OPTIONS
-fw firewall
+#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
+
+fw firewall