From 4aed98d848bb122db04101c3c35d5479c1d87e7d Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 9 Jul 2007 20:43:12 +0000
Subject: [PATCH] Add macros
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-common/macro.GRE | 13 +++++++++++++
 Shorewall-common/macro.IPIP | 13 +++++++++++++
 Shorewall-common/macro.IPsec | 15 +++++++++++++++
 Shorewall-common/macro.IPsecah | 16 ++++++++++++++++
 Shorewall-common/macro.IPsecnat | 17 +++++++++++++++++
 Shorewall-common/macro.L2TP | 13 +++++++++++++
 6 files changed, 87 insertions(+)
 create mode 100644 Shorewall-common/macro.GRE
 create mode 100644 Shorewall-common/macro.IPIP
 create mode 100644 Shorewall-common/macro.IPsec
 create mode 100644 Shorewall-common/macro.IPsecah
 create mode 100644 Shorewall-common/macro.IPsecnat
 create mode 100644 Shorewall-common/macro.L2TP
diff --git a/Shorewall-common/macro.GRE b/Shorewall-common/macro.GRE
new file mode 100644
index 000000000..2505c06c0
--- /dev/null
+++ b/Shorewall-common/macro.GRE
@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - GRE Macro
+#
+# /usr/share/shorewall/macro.GRE
+#
+# This macro handles Generic Routing Encapsulation traffic (RFC 1701)
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - 47 # GRE
+PARAM DEST SOURCE 47 # GRE
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-common/macro.IPIP b/Shorewall-common/macro.IPIP
new file mode 100644
index 000000000..28bef6d18
--- /dev/null
+++ b/Shorewall-common/macro.IPIP
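Review bot: The header comment of macro.GRE does not say that the macro opens protocol 47 in both directions: the second rule, `PARAM DEST SOURCE 47`, swaps the zones, so a single rule that invokes the macro admits GRE initiated from either side. GRE has no authentication or encryption of its own, so I would state this in the header, e.g. `# Opens GRE in both directions between SOURCE and DEST; limit both to the tunnel endpoints.` The same reversed-rule pattern, equally undocumented, appears in macro.IPIP, macro.IPsec, macro.IPsecah, macro.IPsecnat and macro.L2TP.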
@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - IPIP Macro
+#
+# /usr/share/shorewall/macro.IPIP
+#
+# This macro handles IPIP capsulation traffic
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - 94 # IPIP
+PARAM DEST SOURCE 94 # IPIP
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-common/macro.IPsec b/Shorewall-common/macro.IPsec
new file mode 100644
index 000000000..119469593
--- /dev/null
+++ b/Shorewall-common/macro.IPsec
@@ -0,0 +1,15 @@
+#
+# Shorewall version 4 - IPsec Macro
+#
+# /usr/share/shorewall/macro.IPsec
+#
+# This macro handles IPsec traffic
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - udp 500 500 # IKE
+PARAM - - 50 # ESP
+PARAM DEST SOURCE udp 500 500 # IKE
+PARAM DEST SOURCE 50 # ESP
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-common/macro.IPsecah b/Shorewall-common/macro.IPsecah
new file mode 100644
index 000000000..96b1df005
--- /dev/null
+++ b/Shorewall-common/macro.IPsecah
@@ -0,0 +1,16 @@
+#
+# Shorewall version 4 - IPsecah Macro
+#
+# /usr/share/shorewall/macro.IPsecah
+#
+# This macro handles IPsec authentication (AH) traffic.
+# This is insecure. You should use ESP with encryption for security.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - udp 500 500 # IKE
+PARAM - - 51 # AH
+PARAM DEST SOURCE udp 500 500 # IKE
+PARAM DEST SOURCE 51 # AH
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-common/macro.IPsecnat b/Shorewall-common/macro.IPsecnat
new file mode 100644
index 000000000..985b82ff6
--- /dev/null
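Review bot: Both rules in macro.IPIP match protocol 94, which IANA lists as IPIP (IP-within-IP Encapsulation Protocol), whereas IP-in-IP per RFC 2003, the encapsulation the Linux ipip tunnel driver uses, is protocol 4. If the macro is meant for those tunnels, the rules will not match and the traffic falls through to the zone policy, so the intended protocol should be confirmed; for RFC 2003 encapsulation the rules would be `PARAM - - 4 # IP-in-IP (RFC 2003)` and the matching reversed rule. The header also reads "IPIP capsulation" and should read `# This macro handles IPIP encapsulation traffic`.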
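Review bot: The IKE rules in macro.IPsec pin both the destination and the source port to 500 (`udp 500 500`), which stops matching once a NAT device rewrites the initiator's source port, and the header does not mention this limit. macro.IPsecnat in this patch drops the source-port match and adds udp 4500 for that case, also without saying why it is wider. I would add `# IKE is matched with source port 500; use macro.IPsecnat when a peer is behind NAT.` here, and a line in macro.IPsecnat noting that the source port is left open deliberately and that SOURCE and DEST should be limited to known peers.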
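Review bot: The warning `# This is insecure.` in macro.IPsecah is imprecise and does not tell the administrator what protection is missing. AH provides integrity and origin authentication but no confidentiality, so the payload crosses the network in clear text. I would reword the two comment lines as `# AH provides integrity and origin authentication but no encryption;` and `# use ESP (macro.IPsec) when the payload must be confidential.`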
+++ b/Shorewall-common/macro.IPsecnat
@@ -0,0 +1,17 @@
+#
+# Shorewall version 4 - IPsecnat Macro
+#
+# /usr/share/shorewall/macro.IPsecnat
+#
+# This macro handles IPsec traffic and Nat-Traversal
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - udp 500 # IKE
+PARAM - - udp 4500 # NAT-T
+PARAM - - 50 # ESP
+PARAM DEST SOURCE udp 500 # IKE
+PARAM DEST SOURCE udp 4500 # NAT-T
+PARAM DEST SOURCE 50 # ESP
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-common/macro.L2TP b/Shorewall-common/macro.L2TP
new file mode 100644
index 000000000..58ecd1557
--- /dev/null
+++ b/Shorewall-common/macro.L2TP
@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - L2TP Macro
+#
+# /usr/share/shorewall/macro.L2TP
+#
+# This macro handles Layer 2 Tunneling Protocol traffic (RFC 2661)
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+PARAM - - udp 1701 # L2TP
+PARAM DEST SOURCE udp 1701 # L2TP
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
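Review bot: The header of macro.L2TP carries no caveat, although L2TP has no encryption of its own and is normally protected by IPsec (RFC 3193). Used on its own toward an untrusted zone, the macro exposes an unencrypted tunnel endpoint on udp 1701, and the reversed rule `PARAM DEST SOURCE udp 1701` also lets the DEST zone open sessions toward SOURCE. A header line such as `# L2TP is unencrypted; for L2TP/IPsec combine with macro.IPsec and limit SOURCE and DEST to known peers.` would make that explicit.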