2008-12-07 19:17:26 +01:00
#
# Shorewall version 4 - Macro Template
#
# /usr/share/shorewall/macro.template
#
# Macro files are similar to action files with the following exceptions:
#
# - A macro file is not processed unless the macro that it defines is
#   referenced in the /etc/shorewall/rules file or in an action
#   definition file.
#
# - Macros are translated directly into one or more rules whereas
#   actions become their own chain.
#
# - All entries in a macro undergo substitution when the macro is
#   invoked in the rules file.
#
2010-12-13 18:06:29 +01:00
# Columns are the same as in /etc/shorewall/rules.
2008-12-07 19:17:26 +01:00
# A few examples should help show how Macros work.
#
# /etc/shorewall/macro.FwdFTP:
#
#   #ACTION  SOURCE  DEST             PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#   #                                        PORT(S)  PORT(S)  DEST      LIMIT  GROUP
#   DNAT     -       -                tcp    21
#
# /etc/shorewall/rules:
#
#   #ACTION  SOURCE  DEST             PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#   #                                        PORT(S)  PORT(S)  DEST      LIMIT  GROUP
#   FwdFTP   net     loc:192.168.1.5
#
# The result is equivalent to:
#
#   #ACTION  SOURCE  DEST             PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#   #                                        PORT(S)  PORT(S)  DEST      LIMIT  GROUP
#   DNAT     net     loc:192.168.1.5  tcp    21
#
# The substitution rules are as follows:
#
#   ACTION column      If in the invocation of the macro, the macro
#                      name is followed by slash ("/") and a second
#                      name, the second name is substituted for each
#                      entry in the macro whose ACTION is PARAM
#
#                      For example, if macro FOO is invoked as
#                      FOO/ACCEPT then when expanding macro.FOO,
#                      Shorewall will substitute ACCEPT in each
#                      entry in macro.FOO whose ACTION column
#                      contains PARAM. PARAM may be optionally
#                      followed by a colon and a log level.
#
#                      You may also follow the
#
#                      Any logging specified when the macro is
#                      invoked is applied to each entry in the macro.
#
#   SOURCE and DEST    If the column in the macro is empty then the
#                      column's value in the rules file is used. If the column
#                      in the macro is non-empty then any value in
#                      the rules file is appended with a ":"
#                      separator.
#
#   Example:           ###############################################
#                      #ACTION    SOURCE  DEST             PROTO  DEST
#                      #                                          PORT(S)
#   macro.FTP File     PARAM      net     loc              tcp    21
#   rules File         FTP/DNAT   -       192.168.1.5
#   Result             DNAT       net     loc:192.168.1.5  tcp    21
#
#   Remaining columns  Any value in the rules file REPLACES the value
#                      given in the macro file.
#
#######################################################################################################
# DO NOT REMOVE THE FOLLOWING LINE
FORMAT 2
2010-12-13 18:06:29 +01:00
|
|
|
####################################################################################################################################################################
|
|
|
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS
|
|
|
|
# PORT PORT(S) DEST LIMIT GROUP
|
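The substitution rules in the template comments, written out as an added Python example (not Shorewall's own code) so that the effective rule for a macro invocation can be checked during a ruleset review. The short column names, skipping the FORMAT line, keeping a ":level" suffix after PARAM, and raising an error when PARAM has no replacement are assumptions of this sketch; logging given on the invocation itself is not modelled.

```python
# Added example, not Shorewall's own code: expand a macro invocation
# using the substitution rules described in the template comments.
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT",
           "ORIGDEST", "RATE", "USER"]  # short names chosen for this sketch

def parse(line):
    """Split one entry into a column dict; omitted columns count as '-'."""
    fields = line.split()
    if len(fields) > len(COLUMNS):
        raise ValueError("too many columns: " + line)
    return dict(zip(COLUMNS, fields + ["-"] * (len(COLUMNS) - len(fields))))

def render(entry):
    """Join the columns back into one rule, dropping trailing '-' columns."""
    fields = [entry[c] for c in COLUMNS]
    while fields and fields[-1] == "-":
        fields.pop()
    return " ".join(fields)

def expand(macro_lines, invocation):
    """Return the rules that one rules-file invocation of a macro produces."""
    inv = parse(invocation)
    name, _, param = inv["ACTION"].partition("/")
    rules = []
    for line in macro_lines:
        line = line.strip()
        if not line or line.startswith(("#", "FORMAT")):
            continue  # comments and the FORMAT directive are not entries
        entry = parse(line)
        action, sep, level = entry["ACTION"].partition(":")
        if action == "PARAM":  # ACTION column: NAME/X substitutes X for PARAM
            if not param:
                raise ValueError(name + " uses PARAM; invoke it as " + name + "/ACTION")
            entry["ACTION"] = param + sep + level  # assumption: keep ':level'
        for col in ("SOURCE", "DEST"):
            if entry[col] == "-":          # empty in macro: rules value is used
                entry[col] = inv[col]
            elif inv[col] != "-":          # non-empty: rules value appended
                entry[col] = entry[col] + ":" + inv[col]
        for col in COLUMNS[3:]:            # remaining columns: rules value replaces
            if inv[col] != "-":
                entry[col] = inv[col]
        rules.append(render(entry))
    return rules

if __name__ == "__main__":
    # The two examples from the template comments.
    print(expand(["DNAT - - tcp 21"], "FwdFTP net loc:192.168.1.5"))
    print(expand(["PARAM net loc tcp 21"], "FTP/DNAT - 192.168.1.5"))
```

Both invocations print `DNAT net loc:192.168.1.5 tcp 21`, matching the results given in the template.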