This file is indexed.

/usr/bin/mason-gui-text is in mason 1.0.0-12.3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
#!/bin/bash
set -e
#Copyright (c) 1999-2000, William L. Stearns <wstearns@pobox.com>
#See top of Mason script for copyright and licensing information.
#Last YYYY code used: 0019, use 0020 next

# ---------------------------------------------------------------------
# Kill another instance of mason if this programm is started with
# the option "--force" - 2008-06-27 - Scheffczyk
# ---------------------------------------------------------------------
if [ "$$"x != "`/bin/pidof -x /usr/bin/mason-gui-text`"x ]; then
    if [ "$1"x == "--force"x ]; then
	echo "Told to stop another instance of $0  ..."
	kill -9 `ps aux | grep mason | egrep -v "(grep mason|$$)" | awk '{ print $2 }'`
	if [ "$$"x != "`/bin/pidof -x /usr/bin/mason-gui-text`"x ]; then
	    echo "Unable to stop another instance of $0. Exiting ...";
	    exit 1;
	fi;
    else
	echo "Another instance of $0 is running. Exiting ...";
	exit 1;
    fi;
fi;


CKPTMGT=" mgt: Ground0" ; #ckpt $CKPTMGT

MASONDIR=${MASONDIR:-"/var/lib/mason/"}
MASONCONF=${MASONCONF:-"/etc/masonrc"}
MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"}
#MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"}	#My editor of choice (mcedit) gets quoting backwards if there is an odd number of these.

if [ -f $MASONLIB ]; then
	. $MASONLIB
else
	#Can't use wrap here - no library to load it from.
	echo Missing $MASONLIB library file.  Please get a complete copy of Mason from >/dev/stderr
	echo http://www.pobox.com/~wstearns/mason/ .  Exiting. >/dev/stderr
	sleep 10
	exit 1
fi

catchall		#Put in a default handler for everything; don't just let children die.
trap preexit 0		#This gets nullified if we get a SIGHUP or SIGINT -  see mgtcleanup.

killrunningmason () {
	#A backgrounded Mason is a pain in the %$^#^%$ to kill...
	#I think I may have found my wooden stake.  Have the equivalent of a pipe to mason; a 
	#file which is tailed along with /var/log/messages into mason when it's run.  When 
	#we need to kill mason, echo '!!EXIT!!' into it and have mason look for it on stdin.
	#Until I'm sure this works, I'll keep the old "bludgeon it to death with sigs" 
	#approach as a backup.
	if [ -n "$KILLFILES" ]; then
		for ONEKILLFILE in $KILLFILES ; do
			echo '!!EXIT!!' >>$ONEKILLFILE
		done
		sleep 5
		for ONEKILLFILE in $KILLFILES ; do
			rm -f $ONEKILLFILE 2>/dev/null || :
		done
		KILLFILES=""
	fi

	if [ -n "$MASONTAILPID" ]; then	kill -TERM $MASONTAILPID 2>/dev/null || : ;	MASONTAILPID="" ; sleep 1 ;	fi
	if [ -n "$MASONPID" ]; then
		#FIXME - check if it's still running first?
		#wrap Killing active $MASONPID >/dev/stderr
		kill -HUP $MASONPID 2>/dev/null || :
		sleep 2
		kill -TERM $MASONPID 2>/dev/null || :
		MASONPID=""
	fi

	if [ -f "$MASONPIDFILE" ]; then
		for ONEPID in `cat $MASONPIDFILE` ; do
			if type -path ps >/dev/null 2>/dev/null && type -path grep >/dev/null 2>/dev/null ; then
				if [ -n "`ps ax | grep "^[[:space:]]*$ONEPID[[:space:]]" | grep mason`" ]; then
					#wrap Killing background $ONEPID >/dev/stderr
					kill -TERM $ONEPID 2>/dev/null || :
					sleep 2
					kill -9 $ONEPID 2>/dev/null || :
				fi
			else
				kill -TERM $ONEPID 2>/dev/null || :
			fi
		done
		cat /dev/null >$MASONPIDFILE || :	#SUDO?
	fi
}

CKPTMGT=" mgt: trap" ; #ckpt $CKPTMGT

mgtcleanup () {
	#FIXME - should this be 'trap 0'?
	trap - 0	#If we received a signal, no need to process a "crash".
	unset CKPTMGT CKPTMASON CKPTCHECKSYS CKPTCLIENTPORTRANGE \
	 CKPTGENERALIZEIP CKPTIPLE CKPTIPLT CKPTISNUMERICIP CKPTLOADCONF \
	 CKPTSERVERPORTRANGE CKPTADDCOUNTS CKPTNAMEOF CKPTBROADCASTOF \
	 CKPTCHECKCONF CKPTDELCOUNTS CKPTFLUSHFIREWALL CKPTPORT2CISCOPORT \
	 CKPTPROTONUM2NAME CKPTRULETAG CKPTRUNFIREWALL \
	 CKPTSETTOS CKPTSORTRULEFILE \
	 CKPTUNIQRULEFILE CKPTUPDATECOUNTS CKPTNETWORKOF || :
	if [ -n "$VIEWTAILPID" ]; then	kill -TERM $VIEWTAILPID 2>/dev/null || : ;	VIEWTAILPID="" ;			fi
	killrunningmason
	CKPTMGT=""
	echo
	wrap ${WARN}Exiting - you may need to reset the firewall...${NORM}
	exit 0
}
trap mgtcleanup SIGINT		#Ctrl-C generates this

reprocess-newrules () {
	rm -f $NEWRULEFILE.tmp || :
	mv -f $NEWRULEFILE $NEWRULEFILE.tmp || :
	touch $NEWRULEFILE || :
	cat $NEWRULEFILE.tmp | $MASONDECIDE 10<&1 11>>$BASERULEFILE 12>>$NEWRULEFILE 13>/dev/null
	rm -f $NEWRULEFILE.tmp || :
}

if [ -f $MASONCONF ]; then	#the entire loadconf function is not required
	. $MASONCONF
fi

CKPTMGT=" mgt: start" ; #ckpt $CKPTMGT

checksys
checkconf


EXITCONTROL="NO"
MASONPID=""
MASONTAILPID=""
VIEWTAILPID=""
KILLFILES=""

killrunningmason

while [ ! "$EXITCONTROL" = "YES" ]; do
	clear
	echo "------------------------------------------------------------------"
	echo $ENH "${HEADER}${BLUE}Mason${HEADER} firewall builder for Linux         $NORM"
	echo "------------------------------------------------------------------"
	echo $ENH "${HEADER}---- Learning shell for Mason.                                $NORM"
	echo $ENH "${HEADER}---- see http://www.pobox.com/~wstearns/mason/ for more info. $NORM"
	echo $ENH "${HEADER}---- Originally from William Stearns <wstearns@pobox.com>     $NORM"
	if [ -n "$MASONVER" ]; then
	    echo $ENH "${HEADER}---- This is release $MASONVER $NORM"
	fi
	echo "------------------------------------------------------------------"
        if [ -z  "`/bin/pidof -x /sbin/klogd`" ]; then
           echo "Warning: No instance of klogd (kernel log deamon) is running,"
           echo "         mason will not be able to learn new rules."
	   echo "------------------------------------------------------------------"
        fi
        if [ ! -f  "$PACKETLOGFILE" ]; then
           echo "Warning: The syslog file $PACKETLOGFILE does not exist,"
           echo "         mason will not be able to learn new rules."
	   echo "------------------------------------------------------------------"
	else
		if [ -z "` find $PACKETLOGFILE -cmin -60`" ]; then
	        	echo "Warning: No messages was written to the syslog file $PACKETLOGFILE"
	        	echo "         the last hour, the file is probably not in use by a"
        		echo "         syslog deamon. Mason will not be able to learn new rules."
	  		echo "------------------------------------------------------------------"
		fi
        fi
	if [ -n "$MASONPID$MASONTAILPID" ]; then
		echo Mason is currently in learn mode.
		echo "------------------------------------------------------------------"
		echo $ENH ${KEY}EL${NORM}: ${KEY}E${NORM}nd ${KEY}L${NORM}earning.
		showstate 'Mason-gui-text: Main menu, learning in the background'
	else
		echo Mason IS NOT currently learning.
		echo "------------------------------------------------------------------"
		echo $ENH ${KEY}BL${NORM}: ${KEY}B${NORM}egin ${KEY}L${NORM}earning.
		showstate 'Mason-gui-text: Main menu, not learning'
	fi
	echo $ENH ${KEY}EB${NORM}: ${KEY}E${NORM}dit ${KEY}B${NORM}ase firewall rule file.	#=> end learn
	echo $ENH ${KEY}EN${NORM}: ${KEY}E${NORM}dit ${KEY}N${NORM}ew firewall rule file.	#=> end learn, ask to merge rulefiles when done
	echo $ENH ${KEY}MR${NORM}: ${KEY}M${NORM}erge ${KEY}R${NORM}ules from new to base.
	echo $ENH ${KEY}CS${NORM}: ${KEY}C${NORM}hange mason ${KEY}S${NORM}ettings.			#=> sigusr1 mason when done
	echo $ENH ${KEY}LC${NORM}: ${KEY}L${NORM}ock this ${KEY}C${NORM}onsole and display new rules.
	echo $ENH ${KEY}Q${NORM}: ${KEY}Q${NORM}uit.
	#CKPTMGT=" mgt: Waiting for main menu choice" ; #ckpt $CKPTMGT
	CKPTMGT="" ; #ckpt $CKPTMGT
	read CHOICE || :
	CKPTMGT=" mgt: Calling $CHOICE" ; #ckpt $CKPTMGT
	case $CHOICE in
	[Bb][Ll])
		wrap Begin Learning.
		showstate 'Mason-gui-text: starting to learn'
		echo 
		CKPTMGT=" mgt: BL, flushing" ; #ckpt $CKPTMGT
		flushfirewall
		CKPTMGT=" mgt: BL, learning" ; #ckpt $CKPTMGT
		runfirewall LEARN
		CKPTMGT=" mgt: BL, set killfile" ; #ckpt $CKPTMGT
		NEWKILLFILE="$MASONDIR$RANDOM.tempflagfile"		#FIXME - mktemp/mkstemp?
		touch $NEWKILLFILE || logfail $LINENO mason-gui-text: YYYY 0019
		KILLFILES="$KILLFILES $NEWKILLFILE"
		CKPTMGT=" mgt: BL, tail" ; #ckpt $CKPTMGT
	  if /bin/false ; then
		#Is there _any_ _friggin'_ _way_ to handle this cleanly and catch a non-zero return code?
		#Should we set +e here?
		( tail -q -f --lines=0 $PACKETLOGFILE $KILLFILES | $MASONEXE >>$NEWRULEFILE ) &		#nohup just before tail removed		#SUDO on tail?
		MASONTAILPID="$MASONTAILPID `ps axf | grep -v grep | grep -A 1 '^[[:space:]]*$![[:space:]]' | tail -1 | awk '{print $1}' || logfail $LINENO mason-gui-text: YYYY 0001`"
		#I am open to ideas on better ways to figure out the pid of the tail command.  Anyone?  Bueller?
		MASONPID="$MASONPID `ps axf | grep -v grep | grep -A 2 '^[[:space:]]*$![[:space:]]' | tail -1 | awk '{print $1}' || logfail $LINENO mason-gui-text: YYYY 0002`"
		#FIXME - display this first so as not to mix output?
		wrap Mason is now running in the background.  I will be showing the log output.  Press Enter when you want to return to the main menu - Mason will continue to run in the background until you choose \"EL\" from the main menu.
		#tail -f --lines=0 $PACKETLOGFILE $NEWRULEFILE &
		CKPTMGT=" mgt: BL, background tail" ; #ckpt $CKPTMGT
		set +e      #Turn off failure checking - I don't know how to handle a failure return code from it.
		tail -f --lines=0 $NEWRULEFILE &
		VIEWTAILPID="$VIEWTAILPID $!"
		set -e
		echo $ENH Press ${KEY}ENTER${NORM} to return to the main menu
		CKPTMGT=" mgt: BL, press enter" ; #ckpt $CKPTMGT
		read JUNK || :
		CKPTMGT=" mgt: BL, killtail" ; #ckpt $CKPTMGT
		kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID=""
	  else
#FIXME - check all files
		trap : SIGINT	#make ctrl-c trap do nothing when running mason-decide
		#trap '{ echo Ctrl-C caught by mgt }' SIGINT		#Ctrl-C
		tail -q -f --lines=0 $PACKETLOGFILE $KILLFILES | $MASONEXE | $MASONDECIDE 10<&1 11>>$BASERULEFILE 12>>$NEWRULEFILE 13>>$NEWKILLFILE	#SUDO on tail?
		killrunningmason
		flushfirewall
		runfirewall STANDARD
		trap mgtcleanup SIGINT		#Ctrl-C
	  fi
																;;
	[Ee][Ll])
		showstate 'Mason-gui-text: Ending the learning process'
		if [ -n "`cat $NEWRULEFILE | sed -e 's/#.*//' | grep -v '^[[:space:]]*$' | grep -v '^export' || :`" ]; then		#formerly YYYY 0003
			wrap You still have unmerged rules in $NEWRULEFILE.  Would you like to process them now? ${KEY}Y${NORM}/${KEY}N${NORM}?
			if askYN ; then reprocess-newrules ; fi
		fi
		wrap End Learning.
		killrunningmason
		flushfirewall
		runfirewall STANDARD
																;;
	[Ee][Bb])
		wrap Edit Base rule file.
		showstate 'Mason-gui-text: Edit base rule file'
		if [ -z "$EDITOR" ]; then
			wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM}
			sleep 10
		else
			cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0004
			addcounts $BASERULEFILE
			$EDITOR $BASERULEFILE || logfail $LINENO mason-gui-text: YYYY 0005
			if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $BASERULEFILE | uniq || logfail $LINENO mason-gui-text: YYYY 0006) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $BASERULEFILE.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0007) >/dev/null ; then
				wrap No changes made.
			else
				wrap Changes made, restarting firewall
				flushfirewall
				if [ -n "$MASONPID$MASONTAILPID" ]; then
					runfirewall LEARN
				else
					runfirewall STANDARD
				fi
			fi
		fi
																;;
	[Ee][Nn])		
		wrap Edit the new rule file.
		showstate 'Mason-gui-text: Edit new rule file'
		if [ -z "$EDITOR" ]; then
			wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM}
			sleep 10
		else
			if [ -n "$MASONPID$MASONTAILPID" ]; then wrap Ending the learn process. ;										fi
			killrunningmason
			uniqrulefile $NEWRULEFILE
			$EDITOR $NEWRULEFILE || logfail $LINENO mason-gui-text: YYYY 0008
			if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $NEWRULEFILE | uniq || logfail $LINENO mason-gui-text: YYYY 0009) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $NEWRULEFILE.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0010) >/dev/null ; then
				wrap No changes made.
			else
				if [ -n "$MASONPID$MASONTAILPID" ]; then
					wrap Changes made, restarting firewall
					flushfirewall
					runfirewall LEARN
				else
					wrap Changes made, but no need to restart firewall as Mason is not running.
				fi
			fi
		fi
																;;
	[Mm][Rr])
		CKPTMGT=" mgt: start mr" ; #ckpt $CKPTMGT
		showstate 'Mason-gui-text: Merging rules'
		wrap Do you want to merge some, all, or none of the rules in this file to the base rule file? Enter \"${KEY}some${NORM}\", \"${KEY}all${NORM}\", or \"${KEY}none${NORM}\".
		unset WHATTOMERGE || :
		read WHATTOMERGE || :
		case $WHATTOMERGE in
		[Aa][Ll][Ll])
			CKPTMGT=" mgt: mr all" ; #ckpt $CKPTMGT
			cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0011
#FIXME - should we or not?
			#uniqrulefile $NEWRULEFILE
			echo "#Rules merged from the new rule file:"	>>$BASERULEFILE
			#cat $NEWRULEFILE | sed -e 's/^/#/'				>>$BASERULEFILE #Use this version if you want to force them commented
			cat $NEWRULEFILE								>>$BASERULEFILE || logfail $LINENO mason-gui-text: YYYY 0012
			cat /dev/null >$NEWRULEFILE || logfail $LINENO mason-gui-text: YYYY 0013
			wrap You will probably want to edit the base rule file next.
																	;;
		[Ss][Oo][Mm][Ee])
			CKPTMGT=" mgt: mr some" ; #ckpt $CKPTMGT
			wrap What string identifies the rules to merge?
			unset MERGEID || :
			read MERGEID || :
			wrap There are `grep "$MERGEID" $NEWRULEFILE | wc -l` rules with that ID, and `grep -v "$MERGEID" $NEWRULEFILE | wc -l` lines without it, `cat $NEWRULEFILE | wc -l` total.
			if echo "Do you want to continue ({KEY}Y${NORM}/${KEY}N${NORM})" ; askYN ; then
				CKPTMGT=" mgt: mr some continue" ; #ckpt $CKPTMGT
				cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0014
#FIXME - should we or not?
				#uniqrulefile $NEWRULEFILE
				CKPTMGT=" mgt: mr some continue header" ; #ckpt $CKPTMGT
				echo "#Rules merged from the new rule file:"	>>$BASERULEFILE
				#cat $NEWRULEFILE | grep "$MERGEID" | sed -e 's/^/#/'	>>$BASERULEFILE
				CKPTMGT=" mgt: mr some continue append to base" ; #ckpt $CKPTMGT
				cat $NEWRULEFILE | grep "$MERGEID"						>>$BASERULEFILE || :
				CKPTMGT=" mgt: mr some continue remove from new" ; #ckpt $CKPTMGT
				cat $NEWRULEFILE | grep -v "$MERGEID" >$NEWRULEFILE.tmp || :	#Grep returns false if we happen to merge everything.
				CKPTMGT=" mgt: mr some continue overwrite new" ; #ckpt $CKPTMGT
				cat $NEWRULEFILE.tmp >$NEWRULEFILE || :
				CKPTMGT=" mgt: mr some continue remove tmp" ; #ckpt $CKPTMGT
				rm -f $NEWRULEFILE.tmp || :
				wrap You will probably want to edit the base rule file next.
			else
				wrap Aborting merge.
			fi
																	;;
		esac
																;;
	[Cc][Ss])
		if [ -z "$EDITOR" ]; then
			wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM}
			sleep 10
		else
			#wrap Here are the non-comment lines in $MASONCONF:
			#echo
			#cat $MASONCONF | sed -e 's/#.*//' | grep -v '^$' | uniq
			#echo
			#wrap Press ${KEY}enter${NORM} to edit this file
			#read JUNK
			showstate 'Mason-gui-text: Changing settings'
			cp -pf $MASONCONF ${MASONDIR}masonrc.bak || :
			$EDITOR $MASONCONF || logfail $LINENO mason-gui-text: YYYY 0015
			if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $MASONCONF | uniq || logfail $LINENO mason-gui-text: YYYY 0016) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' ${MASONDIR}masonrc.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0017) >/dev/null ; then
				wrap No changes made.
				rm -f ${MASONDIR}masonrc.bak || :
			else
				if [ -f $MASONCONF ]; then
					. $MASONCONF
				fi
				checkconf
				if [ -n "$MASONPID$MASONTAILPID" ]; then
					wrap Changes made, signalling mason to reread configuration.
					kill -USR1 $MASONPID 2>/dev/null || :
				else
					wrap Changes made.
				fi
			fi
		fi
																;;
	[Ll][Cc])
		if ! type -path vlock >/dev/null 2>/dev/null ; then
			wrap ${WARN}The vlock utility is not on this system. It is required to be able to lock the console. Once installed, this option will be available again.${NORM}
			sleep 15
		else
			showstate 'Mason-gui-text: Locked console'
			if [ -n "$MASONPID$MASONTAILPID" ]; then
				#tail -f --lines=0 $PACKETLOGFILE $NEWRULEFILE &
				#FIXME - 'set +e' here?
				tail -f --lines=0 $NEWRULEFILE &
				VIEWTAILPID="$VIEWTAILPID $!"
			else
				wrap Mason is not currently learning, but I will lock this terminal anyways.
			fi	
			vlock || :
			if [ -n "$VIEWTAILPID" ]; then	kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID="" ;			fi
		fi
																;;
	[Qq])
		showstate 'Mason-gui-text: Exiting'
		if [ -n "`cat $NEWRULEFILE | sed -e 's/#.*//' | grep -v '^[[:space:]]*$' | grep -v '^export' || :`" ]; then		#formerly YYYY 0018
			echo -n $ENH You may still have unmerged rules in $NEWRULEFILE.  Would you like to process these now? ${KEY}Y${NORM}/${KEY}N${NORM}
			if askYN ; then reprocess-newrules ; fi
		fi
		EXITCONTROL="YES"
		wrap Exiting.  Returning to the standard firewall.
		if [ -n "$VIEWTAILPID" ]; then	kill -TERM $VIEWTAILPID 2>/dev/null || : ;	VIEWTAILPID="" ;			fi
		killrunningmason
		flushfirewall
		runfirewall STANDARD
		# ---------------------------------------------------------------------
		# Restart services that modify iptables rules - 2008-04-02 - Scheffczyk
		# ---------------------------------------------------------------------
		wrap Restarting services ...
		RestartServices
		wrap Done!
																;;
	*)	wrap ${WARN}Unknown choice.  Please enter the one or two character code.${NORM}
																;;
	esac

	sleep 2
done

CKPTMGT=""
showstate ''