Update macro documentation for 3.1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3601 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/capabilities

@@ -9,6 +9,12 @@
 #	the output of "shorewall show capabilities". If the capability
 #	is available, set the corresponding variable to "Yes". Otherwise
 #	leave it empty.
+#
+# You may generate the contents of this file programatically using the
+# 'shorecap' program included with your Shorewall distribution. If you
+# installed using the RPM, the file will be in the Shorewall
+# documentation directory. Otherwise, please find the program in the
+# directory created when you expanded the Shorewall distribution tarball.
 
 NAT_ENABLED=Yes			# NAT
 MANGLE_ENABLED=Yes		# Packet Mangling

docs/Macros.xml

@@ -186,6 +186,48 @@ SMTP/DNAT:info   net      loc</programlisting>
             <programlisting>#ACTION          SOURCE   DEST            PROTO    DEST PORT(S)
 DNAT:info        net      loc:192.168.1.5 tcp      25</programlisting>
           </blockquote>
+
+          <para>Beginning with Shorewall 3.1, you may also specify SOURCE or
+          DEST in the SOURCE and DEST columns. This allows you to define
+          macros that work in both directions.</para>
+
+          <para>Example 3:</para>
+
+          <blockquote>
+            <para><filename>/etc/shorewall/macro.SMBBI</filename> (Note: there
+            is already a macro like this released as part of Shorewall 3.1 and
+            later):</para>
+
+            <programlisting>#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/
+#                               PORT    PORT(S) DEST            LIMIT   GROUP
+PARAM   -       -       udp     135,445
+PARAM   -       -       udp     137:139
+PARAM   -       -       udp     1024:   137
+PARAM   -       -       tcp     135,139,445
+PARAM   DEST    SOURCE  udp     135,445
+PARAM   DEST    SOURCE  udp     137:139
+PARAM   DEST    SOURCE  udp     1024:   137
+PARAM   DEST    SOURCE  tcp     135,139,445
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
+
+            <para>/etc/shorewall/rules:</para>
+
+            <programlisting>#ACTION          SOURCE   DEST            PROTO    DEST PORT(S)
+SMBBI/ACCEPT     loc      fw</programlisting>
+
+            <para>This would be equivalent to coding the following directly in
+            /etc/shorewall/rules</para>
+
+            <programlisting>#ACTION          SOURCE   DEST            PROTO    DEST PORT(S)
+ACCEPT           loc      fw              udp      135,445
+ACCEPT           loc      fw              udp      137:139
+ACCEPT           loc      fw              udp      1024:   137
+ACCEPT           loc      fw              tcp      135,139,445
+ACCEPT           fw       loc             udp      135,445
+ACCEPT           fw       loc             udp      137:139
+ACCEPT           fw       loc             udp      1024:   137
+ACCEPT           fw       loc             tcp      135,139,445</programlisting>
+          </blockquote>
         </listitem>
       </varlistentry>
 
@@ -299,6 +341,8 @@ DNAT:info        net      loc:192.168.1.5 tcp      25</programlisting>
         system through eth1. This may be optionally followed by another colon
         (<quote>:</quote>) and an IP/MAC/subnet address as described above
         (e.g. eth1:192.168.1.5).</para>
+
+        <para>May also contain 'DEST' as described above.</para>
       </listitem>
 
       <listitem>
@@ -308,6 +352,8 @@ DNAT:info        net      loc:192.168.1.5 tcp      25</programlisting>
         <para>Unlike in the SOURCE column, you may specify a range of up to
         256 IP addresses using the syntax &lt;<emphasis>first
         ip</emphasis>&gt;-&lt;<emphasis>last ip</emphasis>&gt;.</para>
+
+        <para>May also contain 'SOURCE' as described above.</para>
       </listitem>
 
       <listitem>