Document additional parameters to standard default actions and DEFAULT in macro files

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/changelog.txt

@@ -6,6 +6,8 @@ Changes in Shorewall 4.4.21 Beta 3
 
 3)  Rename read_action_param and change signature.
 
+4)  Add DEFAULT to macro files.
+
 Changes in Shorewall 4.4.21 Beta 2
 
 1)  Implement the 'update' command.

Shorewall/releasenotes.txt

@@ -39,8 +39,19 @@ None.
     is the default value for the second parameter and so on. To specify
     an empty default, use '-'.
 
-3)  The standard Drop and Reject actions are now parameterized. Each 
+3)  Macros may now specify a default parameter value using the DEFAULT
-    has three parameters:
+    directive.
+
+	DEFAULT <default>
+
+    Example macro.Foo -- by default, accepts connections on ficticous
+    	    	      	 tcp port 'foo'.
+
+    	DEFAULT ACCEPT
+	PARAM	-	-	tcp	foo
+
+4)  The standard Drop and Reject actions are now parameterized. Each 
+    has 5 parameters:
 
     1) Pass 'audit' if you want all ACCEPTs, DROPs and REJECTs audited.
        Pass '-' otherwise.
@@ -62,6 +73,21 @@ None.
 	      Reject	 audit				A_REJECT
 	      Drop	 audit				A_DROP
 
+    4)  The action to be applied to accepted ICMP packets.
+
+       	      FIRST PARAMETER           DEFAULT
+
+	      -	    			ACCEPT
+	      audit			A_ACCEPT
+
+    5)  The action to be applied to UPnP (udp port 1900) and late DNS
+    	replies (udp source port 53)
+
+       	      FIRST PARAMETER           DEFAULT
+
+	      -	    			DROP
+	      audit			A_DROP
+
     The parameters can be passed in the POLICY column of the policy
     file.
 
@@ -80,7 +106,7 @@ None.
 
 	DROP_DEFAULT=Drop(-,DROP)
 
-4)  An 'update' command has been added to /sbin/shorewall and
+5)  An 'update' command has been added to /sbin/shorewall and
     /sbin/shorewall6. The command validates the configuration and then
     updates the shorewall.conf (shorewall6.conf) file. The updated file
     will set any new options with their default values and will move
@@ -95,7 +121,7 @@ None.
     '-a' option that causes the updated file to be annotated with
     documentation.
 
-5)  Shorewall6 now supports ipsets. 
+6)  Shorewall6 now supports ipsets. 
 
     Unlike iptables, which has separate configurations for IPv4 and
     IPv6, ipset has a single configuration that handles both. This
@@ -118,7 +144,7 @@ None.
     saved ipsets if SAVE_IPSETS=Yes in shorewall.conf
     (shorewall6.conf).
 
-6)  Shorewall6 now supports dynamic zones:
+7)  Shorewall6 now supports dynamic zones:
 
     1) The nets=dynamic option is allowed in /etc/shorewall6/interfaces
     2) The HOSTS column of /etc/shorewall6/hosts may now contain

docs/Actions.xml

@@ -174,7 +174,7 @@ ACCEPT   -              -               tcp     135,139,445
     </important>
 
     <para>Beginning with Shorewall 4.4.21, the standard Drop and Reject
-    options are parameterized. Each has three parameters as follows:</para>
+    options are parameterized. Each has five parameters as follows:</para>
 
     <informaltable>
       <tgroup cols="4">
@@ -254,6 +254,30 @@ ACCEPT   -              -               tcp     135,139,445
             <entry>REJECT or A_REJECT depending on the setting of parameter
             1</entry>
           </row>
+
+          <row>
+            <entry>Both</entry>
+
+            <entry>4</entry>
+
+            <entry>Determines what to do with accepted critical ICMP
+            packets.</entry>
+
+            <entry>ACCEPT or A_ACCEPT depending on the setting of parameter
+            1</entry>
+          </row>
+
+          <row>
+            <entry>Both</entry>
+
+            <entry>5</entry>
+
+            <entry>Determines what to do with late-arriving DNS replies
+            (source port 53) or UPnP (udp port 1900).</entry>
+
+            <entry>DROP or A_DROP depending on the setting of parameter
+            1.</entry>
+          </row>
         </tbody>
       </tgroup>
     </informaltable>