shorewall_code/Shorewall/macro.template
2005-08-29 20:01:04 +00:00

82 lines
2.5 KiB
Plaintext

#
# Shorewall version 2.6 - Template Macro
#
# /usr/share/shorewall/macro.template
#
# Macro files are similar to template files with the following exceptions:
#
# - A macro file is not processed unless the marcro that it defines is
# referenced in the /etc/shorewall/rules file or in an action
# definition file.
#
# - Macros are translated directly into one or more rules whereas
# actions become their own chain.
#
# - All entries in a macro undergo substitution when the macro is
# invoked in the rules file.
#
# - Macros may not invoke other macros.
#
# A few examples should help show how Macros work.
#
# /etc/shorewall/macro.FwdFTP:
#
# #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# # PORT PORT(S) LIMIT GROUP
# DNAT - - tcp 21
#
# /etc/shorewall/rules:
#
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# # PORT PORT(S) DEST LIMIT GROUP
# FwdFTP net loc:192.168.1.5
#
# The result is equivalent to:
#
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# # PORT PORT(S) DEST LIMIT GROUP
# DNAT net loc:192.168.1.5 tcp 21
#
# The substitution rules are as follows:
#
# ACTION column If in the invocation of the macro, the macro
# name is followed by slash ("/") and a second
# name, the second name is substituted for each
# entry in the macro whose ACTION is PARAM
#
# For example, if macro FOO is invoked as
# FOO/ACCEPT then when expanding macro.FOO,
# Shorewall will substitute ACCEPT in each
# entry in macro.FOO whose ACTION column
# contains PARAM. PARAM may be optionally
# followed by a colon and a log level.
#
# You may also follow the
#
# Any logging specified when the macro is
# invoked is applied to each entry in the macros.
#
# SOURCE and DEST If the column in the macro is empty then the
# columns value in the rules file is used. If the column
# in the macro is non-empty then any value in
# the rules file is appended with a ":"
# separator.
#
#
# Example: ###############################################
# #ACTION SOURCE DEST PROTO DEST
# # PORT
# Macro File PARAM net loc tcp 21
# rules File FTP/DNAT - 192.168.1.5
# Result DNAT net loc:192.168.1.5 tcp 21
#
# Remaining Any value in the rules file REPLACES the value
# columns given in the macro file.
#
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE