Separated out all SSL services from their plaintext equivalents, added a

few comments about usage.  Suggest deprecating macro.Web in favour of
HTTP & HTTPS.  Any comments?


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3383 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/macro.HTTP

@@ -0,0 +1,12 @@
+#
+# Shorewall version 3.2 - HTTP Macro
+#
+# /usr/share/shorewall/macro.HTTP
+#
+#	This macro handles plaintext HTTP (WWW) traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	80
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.HTTPS

@@ -0,0 +1,12 @@
+#
+# Shorewall version 3.2 - HTTPS Macro
+#
+# /usr/share/shorewall/macro.HTTPS
+#
+#	This macro handles HTTPS (WWW over SSL) traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	443
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.IMAP

@@ -3,11 +3,11 @@
 #
 # /usr/share/shorewall/macro.IMAP
 #
-#	This macro handles IMAP traffic (secure and insecure).
+#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
+#	see macro.IMAPS.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	143	# Unsecure IMAP	
+PARAM	-	-	tcp	143
-PARAM	-	-	tcp	993	# Secure IMAP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.IMAPS

@@ -0,0 +1,13 @@
+#
+# Shorewall version 3.2 - IMAPS Macro
+#
+# /usr/share/shorewall/macro.IMAPS
+#
+#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
+#	(not recommended), see macro.IMAP.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	993
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.LDAP

@@ -3,11 +3,15 @@
 #
 # /usr/share/shorewall/macro.LDAP
 #
-#	This macro handles LDAP traffic (secure and insecure)
+#	This macro handles plaintext LDAP traffic.  For encrypted LDAP
+#	traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
+#	required by some directory services) if you want to do user
+#	authentication over LDAP.  Note that some LDAP implementations
+#	support initiating TLS connections via the plaintext LDAP port.
+#	Consult your LDAP server documentation for details.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	389	# plaintext
+PARAM	-	-	tcp	389
-PARAM	-	-	tcp	636	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.LDAPS

@@ -0,0 +1,17 @@
+#
+# Shorewall version 3.2 - LDAPS Macro
+#
+# /usr/share/shorewall/macro.LDAPS
+#
+#	This macro handles encrypted LDAP traffic.  For plaintext LDAP
+#	traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
+#	required by some directory services) if you want to do user
+#	authentication over LDAP.  Note that some LDAP implementations
+#	support initiating TLS connections via the plaintext LDAP port.
+#	Consult your LDAP server documentation for details.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	636
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.NNTP

@@ -3,11 +3,11 @@
 #
 # /usr/share/shorewall/macro.NNTP
 #
-#	This macro handles NNTP traffic (Usenet) and encrypted NNTP (NNTPS)
+#	This macro handles plaintext NNTP traffic (Usenet).  For
+#	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	119	# plaintext
+PARAM	-	-	tcp	119
-PARAM	-	-	tcp	563	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.NNTPS

@@ -0,0 +1,13 @@
+#
+# Shorewall version 3.2 NNTPS Macro
+#
+# /usr/share/shorewall/macro.NNTPS
+#
+#	This macro handles encrypted NNTP traffic (Usenet).  For
+#	plaintext NNTP, see macro.NNTP.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	563
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.POP3

@@ -3,11 +3,11 @@
 #
 # /usr/share/shorewall/macro.POP3
 #
-#	This macro handles POP3 traffic (secure and insecure).
+#	This macro handles plaintext POP3 traffic.  For encrypted POP3,
+#	see macro.POP3S.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	110	# Unsecure POP3	
+PARAM	-	-	tcp	110
-PARAM	-	-	tcp	995	# Secure POP3
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.POP3S

@@ -0,0 +1,13 @@
+#
+# Shorewall version 3.2 - POP3S Macro
+#
+# /usr/share/shorewall/macro.POP3S
+#
+#	This macro handles encrypted POP3 traffic.  For plaintext POP3,
+#	see macro.POP3.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	995	# Secure POP3
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.SMTP

@@ -3,7 +3,10 @@
 #
 # /usr/share/shorewall/macro.SMTP
 #
-#	This macro handles SMTP (email) traffic.
+#	This macro handles plaintext SMTP (email) traffic.  For SMTP
+#	encrypted over SSL, use macro.SMTPS.  Note that STARTTLS can be
+#	used over the standard STMP port, so the use of this macro
+#	doesn't necessarily imply the use of an insecure connection.
 #
 #	Note: This macro handles traffic between an MUA (Email client)
 #	and an MTA (mail server) or between MTAs. It does not enable
@@ -13,6 +16,5 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	25	# plaintext
+PARAM	-	-	tcp	25
-PARAM	-	-	tcp	465	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.SMTPS

@@ -0,0 +1,17 @@
+#
+# Shorewall version 3.2 - SMTPS Macro
+#
+# /usr/share/shorewall/macro.SMTPS
+#
+#	This macro handles encrypted SMTPS (email) traffic.
+#
+#	Note: This macro handles traffic between an MUA (Email client)
+#	and an MTA (mail server) or between MTAs. It does not enable
+#	reading of email via POP3 or IMAP. For those you need to use
+#	the POP3(S) or IMAP(S) macros.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
+#				PORT	PORT(S)	DEST		LIMIT	GROUP
+PARAM	-	-	tcp	465
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.Web

@@ -3,7 +3,9 @@
 #
 # /usr/share/shorewall/macro.Web
 #
-#	This macro handles WWW traffic (secure and insecure).
+#	This macro handles WWW traffic (secure and insecure).  This
+#	macro is deprecated - use of macro.HTTP and macro.HTTPS instead
+#	is recommended.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/