Allow COMMENT in macro bodies

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7839 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -16,6 +16,8 @@ Changes in 4.1.2
 
 8)  Add 'nomarks' OPTION to tcdevices.
 
+9)  Add COMMENTs to macros.
+
 Changes in 4.1.1
 
 1)  Fix ULOG/NFLOG output.

Shorewall-common/macro.AllowICMPs

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Needed ICMP types
+
 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Amanda

@@ -10,6 +10,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Amanda
+
 PARAM	-	-	udp	10080
 #
 # You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,

Shorewall-common/macro.Auth

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Auth
+
 PARAM	-	-	tcp	113
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.BitTorrent

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT BitTorrent
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:

Shorewall-common/macro.CVS

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT CVS
+
 PARAM	-	-	tcp	2401
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.DNS

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT DNS
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.DropDNSrep

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Late DNS Replies
+
 DROP	-	-	udp	-	53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.DropUPnP

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT UPPnP
+
 DROP	-	-	udp	1900
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Edonkey

@@ -30,6 +30,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Edonkey
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.FTP

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT FTP
+
 PARAM	-	-	tcp	21
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Finger

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Finger
+
 PARAM	-	-	tcp	79
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.GRE

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT GRE
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Gnutella

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Gnutella
+
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.HTTP

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT HTTP
+
 PARAM	-	-	tcp	80
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.HTTPS

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT HTTPS
+
 PARAM	-	-	tcp	443
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.ICQ

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT ICQ
+
 PARAM	-	-	tcp	5190
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IMAP

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IMAP
+
 PARAM	-	-	tcp	143
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IMAPS

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IMAPS
+
 PARAM	-	-	tcp	993
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IPIP

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPIP
+
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IPP

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPP
+
 PARAM	-	-	tcp	631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IPPserver

@@ -25,6 +25,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPPServer
+
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.IPsec

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPsec
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall-common/macro.IPsecah

@@ -9,6 +9,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPsecah
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall-common/macro.IPsecnat

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT IPsecnat
+
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP

Shorewall-common/macro.JabberPlain

@@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Jabber
+
 PARAM	-	-	tcp	5222
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.JabberSecure

@@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT JabberSecure
+
 PARAM	-	-	tcp	5223
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Jabberd

@@ -8,5 +8,8 @@
 ###############################################################################
 #TARGET	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Jabberd
+
 PARAM	-	-	tcp	5269
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Jetdirect

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT JetDirect
+
 PARAM	-	-	tcp	9100
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.L2TP

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT L2TP
+
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.LDAP

@@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT LDAP
+
 PARAM	-	-	tcp	389
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.LDAPS

@@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT LDAPS
+
 PARAM	-	-	tcp	636
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.MySQL

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT MySQL
+
 PARAM	-	-	tcp	3306
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.NNTP

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT NNTP
+
 PARAM	-	-	tcp	119
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.NNTPS

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT NNTPS
+
 PARAM	-	-	tcp	563
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.NTP

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT NTP
+
 PARAM	-	-	udp	123
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.NTPbrd

@@ -13,6 +13,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT NTPbrd
+
 PARAM	-		-		udp	123
 PARAM	-		-		udp	1024:	123
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.PCA

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT PCAnywhere
+
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.POP3

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT POP3
+
 PARAM	-	-	tcp	110
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.POP3S

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT POP3S
+
 PARAM	-	-	tcp	995	# Secure POP3
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Ping

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Ping
+
 PARAM	-	-	icmp	8
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.PostgreSQL

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT  PostgreSQL
+
 PARAM	-	-	tcp	5432
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Printer

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Printer
+
 PARAM	-	-	tcp	515
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.RDP

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Remote Desktop
+
 PARAM	-	-	tcp	3389
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Rdate

@@ -12,5 +12,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Rdate
+
 PARAM	-	-	tcp	37
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Rsync

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Rsync
+
 PARAM	-	-	tcp	873
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SMB

@@ -12,6 +12,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SMB
+
 PARAM	-	-	udp	135,445
 PARAM	-	-	udp	137:139
 PARAM	-	-	udp	1024:	137

Shorewall-common/macro.SMBBI

@@ -12,6 +12,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SMBBI
+
 PARAM	-	-	udp	135,445
 PARAM	-	-	udp	137:139
 PARAM	-	-	udp	1024:	137

Shorewall-common/macro.SMBswat

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Swat
+
 PARAM	-	-	tcp	901
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SMTP

@@ -16,5 +16,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SMTP
+
 PARAM	-	-	tcp	25
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SMTPS

@@ -13,5 +13,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SMTPS
+
 PARAM	-	-	tcp	465
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SNMP

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SNMP
+
 PARAM	-	-	udp	161:162
 PARAM	-	-	tcp	161
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SPAMD

@@ -8,5 +8,7 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+COMMENT Spamd
+
 PARAM	-	-	tcp	783
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SSH

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SSH
+
 PARAM	-	-	tcp	22
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SVN

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Subversion
+
 PARAM	-	-	tcp	3690
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.SixXS

@@ -3,11 +3,14 @@
 #
 # /usr/share/shorewall/macro.SixXS
 #
-#	This macro handles SixXS -- An IPv6 Deployment and Tunnel Broken
+#	This macro handles SixXS -- An IPv6 Deployment and Tunnel Broker
 #
 ###############################################################################
 #ACTION		SOURCE		PROTO	DEST	SOURCE	RATE	USER/
 #					PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT SixXS
+
 PARAM		-		-	tcp	3874      # Used for retrieving the tunnel information (eg by AICCU)
 PARAM		-		-	udp	3740      # Used for signaling where the current IPv4 endpoint
 						          # of the tunnel is and that it is alive

Shorewall-common/macro.Submission

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Submission
+
 PARAM	-	-	tcp	587
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Syslog

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Syslog
+
 PARAM	-	-	udp	514
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.TFTP

@@ -10,5 +10,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT TFTP
+
 PARAM	-	-	udp	69
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Telnet

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Telnet
+
 PARAM	-	-	tcp	23
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Telnets

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Telnets
+
 PARAM	-	-	tcp	992
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Time

@@ -10,5 +10,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Time
+
 PARAM	-	-	tcp	37
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Trcrt

@@ -8,6 +8,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Traceroute
+
 PARAM	-	-	udp	33434:33524 # UDP Traceroute
 PARAM	-	-	icmp	8	    # ICMP Traceroute
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.VNC

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT VNC
+
 PARAM	-	-	tcp	5900:5909
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.VNCL

@@ -9,5 +9,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT VNC Listen Mode
+
 PARAM	-	-	tcp	5500
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Web

@@ -10,6 +10,9 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Web
+
 PARAM	-	-	tcp	80	# HTTP (plaintext)
 PARAM	-	-	tcp	443	# HTTPS (over SSL)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Webmin

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Webmin
+
 PARAM	-	-	tcp	10000
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/macro.Whois

@@ -8,5 +8,8 @@
 ###############################################################################
 #ACTION	SOURCE	PROTO	DEST	SOURCE	RATE	USER/
 #			PORT(S)	PORT(S)	LIMIT	GROUP
+
+COMMENT Whois
+
 PARAM	-	-	tcp	43
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/releasenotes.txt

@@ -191,6 +191,37 @@ Other changes in Shorewall 4.1.2.
     DMZ traffic. I use CLASSIFY rules to assign traffic to the first
     and third class and let the rest default to the second class.
 
+5)  COMMENT lines are now supported in macro bodies by Shorewall-perl
+    and are ignored by the Shorewall-shell compiler. The standard
+    macros (with the exception of macro.Drop and macro.Reject) have
+    been modified to include a COMMENT line describing the macro.
+    
+    COMMENT lines in macros work slightly differently from COMMENT
+    lines in other files. COMMENT lines in macros are ignored if
+    COMMENT support is not available or if there was a COMMENT in use
+    when the top-level macro was invoked. This allows the
+    following:
+
+	/usr/share/shorewall/macro.SSH:
+
+	    #ACTION SOURCE  PROTO   DEST    SOURCE  RATE    USER/
+	    #                       PORT(S) PORT(S) LIMIT   GROUP
+	    COMMENT SSH
+	    PARAM   -       -       tcp     22
+
+	/etc/shorewall/rules:
+
+	    COMMENT Allow SSH from home
+	    SSH/ALLOW     net:$MYIP	$FW
+	    COMMENT
+   
+	The comment line in macro.SSH will not override the 
+	COMMENT line in the rules file and the generated rule will show
+
+		/* Allow SSH from home */
+
+	when displayed through the Shorewall show and dump commands.
+
 Migration Issues.
 
 1)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero

Shorewall-perl/Shorewall/Actions.pm

@@ -405,7 +405,9 @@ sub process_macro1 ( $$ ) {
     push_open( $macrofile );
 
     while ( read_a_line ) {
-	my ( $mtarget, $msource,  $mdest,  $mproto,  $mports,  $msports, $ mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource,  $mdest,  $mproto,  $mports,  $msports, $ mrate, $muser ) = split_line1 1, 8, 'macro file';
+
+	next if $mtarget eq 'COMMENT';
 
 	$mtarget =~ s/:.*$//;
 
@@ -576,13 +578,20 @@ sub process_action( $$$$$$$$$$ ) {
 sub process_macro3( $$$$$$$$$$$ ) {
     my ( $fn, $param, $chainref, $action, $source, $dest, $proto, $ports, $sports, $rate, $user ) = @_;
 
+    my $nocomment = no_comment;
+
     progress_message "..Expanding Macro $fn...";
 
     push_open $fn;
 
     while ( read_a_line ) {
 
-	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file';
+
+	if ( $mtarget eq 'COMMENT' ) {
+	    process_comment unless $nocomment;
+	    next;
+	}
 
 	if ( $mtarget =~ /^PARAM:?/ ) {
 	    fatal_error 'PARAM requires that a parameter be supplied in macro invocation' unless $param;
@@ -628,7 +637,9 @@ sub process_macro3( $$$$$$$$$$$ ) {
 
     pop_open;
 
-    progress_message '..End Macro'
+    progress_message '..End Macro';
+
+    clear_comment unless $nocomment;
 }
 
 #

Shorewall-perl/Shorewall/Chains.pm

@@ -69,6 +69,7 @@ our %EXPORT_TAGS = (
 				       add_command
 				       add_commands
 				       process_comment
+				       no_comment
 				       clear_comment
 				       incr_cmd_level
 				       decr_cmd_level
@@ -348,6 +349,13 @@ sub process_comment() {
     }
 }
 
+#
+# Returns True if there is a current COMMENT or if COMMENTS are not available.
+#
+sub no_comment() {
+    $comment ? 1 : $capabilities{COMMENTS} ? 0 : 1;
+}
+
 #
 # Clear the $comment variable
 #

Shorewall-perl/Shorewall/Rules.pm

@@ -824,13 +824,20 @@ sub process_rule1 ( $$$$$$$$$$$ );
 sub process_macro ( $$$$$$$$$$$$$ ) {
     my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $wildcard ) = @_;
 
+    my $nocomment = no_comment;
+
     progress_message "..Expanding Macro $macrofile...";
 
     push_open $macrofile;
 
     while ( read_a_line ) {
 
-	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file';
+	my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file';
+
+	if ( $mtarget eq 'COMMENT' ) {
+	    process_comment unless $nocomment;
+	    next;
+	}
 
 	$mtarget = merge_levels $target, $mtarget;
 
@@ -884,9 +891,11 @@ sub process_macro ( $$$$$$$$$$$$$ ) {
 
     pop_open;
 
-    progress_message "..End Macro $macrofile"
-}
+    progress_message "..End Macro $macrofile";
 
+    clear_comment unless $nocomment;
+
+}
 #
 # Once a rule has been expanded via wildcards (source and/or dest zone == 'all'), it is processed by this function. If
 # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion.

Shorewall-shell/compiler

@@ -2503,6 +2503,9 @@ process_macro() # $1 = target
     progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..."
 
     while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
+
+	[ mtarget eq 'COMMENT' ] && continue
+
 	mtarget=$(merge_levels $itarget $mtarget)
 
 	case $mtarget in

Shorewall-shell/lib.actions

@@ -642,6 +642,9 @@ process_actions1() {
 					    progress_message "   ..Expanding Macro $fn..."
 
 					    while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
+
+						[ $mtarget eq COMMENT ] && continue
+
 						temp="${mtarget%%:*}"
 						case "$temp" in
 						    ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|PARAM)
@@ -790,8 +793,11 @@ process_action3() {
 	    esac
 
 	    progress_message "..Expanding Macro $(find_file macro.$xtarget1)..."
+
 	    while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
 
+		[ $mtarget eq COMMENT ] && continue
+
 		mtarget=$(merge_levels $xaction2 $mtarget)
 
 		case $mtarget in