2005-07-26 01:08:09 +02:00
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# Shorewall version 2.6 - Template Macro
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
|
|
|
|
# /usr/share/shorewall/macro.template
|
|
|
|
|
#
|
|
|
|
|
# Macro files are similar to template files with the following exceptions:
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# - A macro file is not processed unless the marcro that it defines is
|
|
|
|
|
# referenced in the /etc/shorewall/rules file or in an action
|
|
|
|
|
# definition file.
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# - Macros are translated directly into one or more rules whereas
|
|
|
|
|
# actions become their own chain.
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# - All entries in a macro undergo substitution when the macro is
|
|
|
|
|
# invoked in the rules file.
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
|
|
|
|
# - Macros may not invoke other macros.
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# The columns in a macro definition are the same as those in the
|
|
|
|
|
# action.template file.
|
2005-07-26 01:08:09 +02:00
|
|
|
# A few examples should help show how Macros work.
|
|
|
|
|
#
|
|
|
|
|
# /etc/shorewall/macro.FwdFTP:
|
|
|
|
|
#
|
|
|
|
|
# #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
|
|
|
|
|
# # PORT PORT(S) LIMIT GROUP
|
|
|
|
|
# DNAT - - tcp 21
|
|
|
|
|
#
|
|
|
|
|
# /etc/shorewall/rules:
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
|
|
|
|
|
# # PORT PORT(S) DEST LIMIT GROUP
|
2005-07-26 01:08:09 +02:00
|
|
|
# FwdFTP net loc:192.168.1.5
|
|
|
|
|
#
|
|
|
|
|
# The result is equivalent to:
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
|
|
|
|
|
# # PORT PORT(S) DEST LIMIT GROUP
|
2005-07-26 01:08:09 +02:00
|
|
|
# DNAT net loc:192.168.1.5 tcp 21
|
|
|
|
|
#
|
|
|
|
|
# The substitution rules are as follows:
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# ACTION column If in the invocation of the macro, the macro
|
|
|
|
|
# name is followed by slash ("/") and a second
|
|
|
|
|
# name, the second name is substituted for each
|
|
|
|
|
# entry in the macro whose ACTION is PARAM
|
|
|
|
|
#
|
|
|
|
|
# For example, if macro FOO is invoked as
|
|
|
|
|
# FOO/ACCEPT then when expanding macro.FOO,
|
|
|
|
|
# Shorewall will substitute ACCEPT in each
|
|
|
|
|
# entry in macro.FOO whose ACTION column
|
|
|
|
|
# contains PARAM. PARAM may be optionally
|
|
|
|
|
# followed by a colon and a log level.
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
# Any logging specified when the macro is
|
|
|
|
|
# invoked is applied to each entry in the macros.
|
|
|
|
|
#
|
|
|
|
|
# SOURCE and DEST If the column in the macro is empty then the
|
|
|
|
|
# columns value in the rules file is used. If the column
|
|
|
|
|
# in the macro is non-empty then any value in
|
|
|
|
|
# the rules file is appended with a ":"
|
|
|
|
|
# separator.
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
# Example: ###############################################
|
|
|
|
|
# #ACTION SOURCE DEST PROTO DEST
|
|
|
|
|
# # PORT
|
|
|
|
|
# Macro File DNAT net loc tcp 21
|
|
|
|
|
# rules File FwdFTP - 192.168.1.5
|
|
|
|
|
# Result DNAT net loc:192.168.1.5 tcp 21
|
|
|
|
|
#
|
|
|
|
|
# Remaining Any value in the rules file REPLACES the value
|
|
|
|
|
# columns given in the macro file.
|
2005-07-26 01:08:09 +02:00
|
|
|
#
|
|
|
|
|
#
|
2005-08-02 18:46:30 +02:00
|
|
|
###############################################################################
|
|
|
|
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
|
|
|
|
|
# PORT PORT(S) DEST LIMIT GROUP
|
2005-07-26 01:08:09 +02:00
|
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
