diff src/syslog2iptables.cpp @ 36:6a2f26976898

shutdown removes iptables entries that we added
author carl
date Thu, 08 Nov 2007 10:52:56 -0800
parents 00bd0b0ef015
children 26c29da3fbdf
--- a/src/syslog2iptables.cpp	Tue Sep 18 09:54:22 2007 -0700
+++ b/src/syslog2iptables.cpp	Thu Nov 08 10:52:56 2007 -0800
@@ -1,22 +1,11 @@
-/***************************************************************************
- *	 Copyright (C) 2005 by 510 Software Group							   *
- *																		   *
- *																		   *
- *	 This program is free software; you can redistribute it and/or modify  *
- *	 it under the terms of the GNU General Public License as published by  *
- *	 the Free Software Foundation; either version 2 of the License, or	   *
- *	 (at your option) any later version.								   *
- *																		   *
- *	 This program is distributed in the hope that it will be useful,	   *
- *	 but WITHOUT ANY WARRANTY; without even the implied warranty of 	   *
- *	 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the		   *
- *	 GNU General Public License for more details.						   *
- *																		   *
- *	 You should have received a copy of the GNU General Public License	   *
- *	 along with this program; if not, write to the						   *
- *	 Free Software Foundation, Inc.,									   *
- *	 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.			   *
- ***************************************************************************/
+/*
+
+Copyright (c) 2007 Carl Byington - 510 Software Group, released under
+the GPL version 3 or any later version at your choice available at
+http://www.gnu.org/licenses/gpl-3.0.txt
+
+*/
+
 
 // debug levels:
 // 4 - show syslog lines that match regex
@@ -37,7 +26,8 @@
 static char* syslog2iptables_version = "$Id$";
 
 extern "C" {
-	void sig_chld(int signo);
+    void sigchld(int sig);
+    void sigterm(int sig);
 }
 int  debug_syslog  = 0;
 bool syslog_opened = false;
@@ -94,13 +84,11 @@
 
 ////////////////////////////////////////////////
 //	thread to watch the old config files for changes
-//	and reload when needed. we also cleanup old
-//	configs whose reference count has gone to zero.
+//  and reload when needed.
 //
 void* config_loader(void *arg);
 void* config_loader(void *arg) {
 	typedef set<CONFIG *> configp_set;
-	configp_set old_configs;
 	while (loader_run) {
 		sleep(180);  // look for modifications every 3 minutes
 		if (!loader_run) break;
@@ -119,10 +107,8 @@
 			if (newc) {
 				// replace the global config pointer
 				pthread_mutex_lock(&config_mutex);
-					CONFIG *old = config;
 					config = newc;
 				pthread_mutex_unlock(&config_mutex);
-				if (old) old_configs.insert(old);
 			}
 			else {
 				// failed to load new config
@@ -132,30 +118,16 @@
 				dc.load_time = time(NULL);
 			}
 		}
-		// now look for old configs with zero ref counts
-		for (configp_set::iterator i=old_configs.begin(); i!=old_configs.end(); ) {
-			CONFIG *old = *i;
-			if (!old->reference_count) {
-				if (debug_syslog) {
-					char buf[maxlen];
-					snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
-					my_syslog(buf);
-				}
-				delete old; // destructor does all the work
-				old_configs.erase(i++);
-			}
-			else i++;
-		}
 	}
 	return NULL;
 }
 
 
 ////////////////////////////////////////////////
-// The signal handler function -- only gets called when a SIGCHLD
-// is received, ie when a child terminates
+// The signal handler function for child process terminations,
+// called when a child terminates.
 //
-void sig_chld(int signo)
+void sigchld(int sig)
 {
 	int status;
 	/* Wait for any child without blocking */
@@ -165,6 +137,17 @@
 }
 
 
+////////////////////////////////////////////////
+// The termination signal handler function, called to
+// request termination of this process.
+//
+void sigterm(int sig)
+{
+    loader_run = false;
+    signal(sig, SIG_DFL);   // quit on repeated signals
+}
+
+
 void usage(char *prog);
 void usage(char *prog)
 {
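Review bot: `loader_run = false;` in sigterm is a write from a signal handler to a flag that other threads poll in `while (loader_run)` loops, so the flag should be declared `volatile sig_atomic_t loader_run;` — its definition is outside this hunk, so I cannot see whether it already is. As a plain `bool` the compiler may keep the value in a register across the loop, and the handler's store can go unobserved. Resetting the disposition with `signal(sig, SIG_DFL)` inside the handler is async-signal-safe, so the rest of the handler is fine as written.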
@@ -183,17 +166,26 @@
 		c = config;
 		c->reference_count++;
 	pthread_mutex_unlock(&config_mutex);
-	while (true) {
+    while (loader_run) {
 		if (c != config) {
 			pthread_mutex_lock(&config_mutex);
-				c->reference_count--;
-				c = config;
-				c->reference_count++;
+                CONFIG *old = c;    old->reference_count--;
+                c = config;         c->reference_count++;
 			pthread_mutex_unlock(&config_mutex);
+            if (!old->reference_count) {
+                if (debug_syslog) {
+                    char buf[maxlen];
+                    snprintf(buf, sizeof(buf), "freeing memory for old configuration generation %d", old->generation);
+                    my_syslog(buf);
+                }
+                delete old; // destructor does all the work
+            }
 		}
 		c->read();
 		c->sleep(2, t);
 	}
+    // worker shutting down, free all ip addresses
+    c->free_all();
 }
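Review bot: `if (!old->reference_count)` reads the count after `config_mutex` has been released, so two workers switching away from the same old CONFIG can both observe zero and both execute `delete old` (worker A decrements 2 to 1 and unlocks, worker B decrements 1 to 0 and unlocks, then both read 0). Capture the result inside the critical section instead: `CONFIG *old = c;    bool last = (--old->reference_count == 0);` and then test `if (last) {` after the unlock. The loop also exits without dropping the worker's own reference on `c` before `c->free_all()`, and if several worker threads share one CONFIG each of them will call free_all() on it; whether that is idempotent is not visible here. The enclosing worker function starts before this hunk.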
 
 
@@ -265,6 +257,11 @@
 		fclose(f);
 	}
 
+    // setup signal handler for termination signals
+    signal(SIGHUP, sigterm);
+    signal(SIGTERM, sigterm);
+    signal(SIGINT, sigterm);
+
 	// initialize the thread sync objects
 	pthread_mutex_init(&config_mutex, 0);
 	pthread_mutex_init(&syslog_mutex, 0);
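Review bot: The three `signal(..., sigterm)` calls sit a few lines above a SIGCHLD setup that uses `sigaction` with an explicit `sa_mask` and `sa_flags`; installing the termination handlers through `sigaction` as well gives defined semantics (on glibc `signal()` implies SA_RESTART, and on other systems it may reset the disposition after the first delivery) and keeps the two installations consistent. Since the process is multithreaded the signal is delivered to an arbitrary thread, so shutdown should depend only on the `loader_run` flag rather than on any particular call being interrupted, which appears to be the intent already. The enclosing function starts and ends outside this hunk.
```cpp
    // setup signal handler for termination signals
    struct sigaction term_act;
    term_act.sa_handler = sigterm;
    sigemptyset(&term_act.sa_mask);
    term_act.sa_flags = 0;          // explicit flags, matching the SIGCHLD setup below
    sigaction(SIGHUP, &term_act, NULL);
    sigaction(SIGTERM, &term_act, NULL);
    sigaction(SIGINT, &term_act, NULL);
    // … unchanged: thread sync object initialization …
```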
@@ -278,7 +275,7 @@
 
 	// setup sigchld handler to prevent zombies
 	struct sigaction act;
-	act.sa_handler = sig_chld;		// Assign sig_chld as our SIGCHLD handler
+    act.sa_handler = sigchld;       // Assign sig_chld as our SIGCHLD handler
 	sigemptyset(&act.sa_mask);		// We don't want to block any other signals in this example
 	act.sa_flags = SA_NOCLDSTOP;	// only want children that have terminated
 	if (sigaction(SIGCHLD, &act, NULL) < 0) {