diff --git a/Shorewall/Macros/macro.AMQP b/Shorewall/Macros/macro.AMQP
index 51ab98d1f..1a10938ef 100644
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@@ -1,12 +1,10 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall -- /usr/share/shorewall/macro.AMQP
 #
-# /usr/share/shorewall/macro.AMQP
-#
-# This macro handles AMQP traffic.
+# This macro handles AMQP traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5672
 PARAM - - udp 5672
diff --git a/Shorewall/Macros/macro.A_AllowICMPs b/Shorewall/Macros/macro.A_AllowICMPs
index 54064650c..76ac07465 100644
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
-#
-# This macro A_ACCEPTs needed ICMP types
+# This macro audits and accepts needed ICMP types.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
 ?COMMENT Needed ICMP types
diff --git a/Shorewall/Macros/macro.A_DropDNSrep b/Shorewall/Macros/macro.A_DropDNSrep
index 59b74c540..ffd117641 100644
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
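Review bot: The rewritten column header in the macro.A_AllowICMPs hunk, `+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE`, drops the trailing USER column that every other header rewritten in this commit ends with (macro.AMQP just above it, macro.A_DropDNSrep, macro.AllowICMPs and the rest). The headers are meant to name the same positional columns in every macro file, so this one should read `#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER`. The rule body of the file continues beyond the end of the hunk.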
@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
-#
-# This macro silently audites and drops DNS UDP replies
+# This macro audits and drops DNS UDP replies.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?COMMENT Late DNS Replies
diff --git a/Shorewall/Macros/macro.A_DropUPnP b/Shorewall/Macros/macro.A_DropUPnP
index e200d61fd..61bfd674d 100644
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@@ -1,13 +1,10 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
 #
-# /usr/share/shorewall/macro.A_DropUPnP
-#
-# This macro silently drops UPnP probes on UDP port 1900
+# This macro audits and drops UPnP probes on UDP port 1900.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?COMMENT UPnP
diff --git a/Shorewall/Macros/macro.ActiveDir b/Shorewall/Macros/macro.ActiveDir
index 63bbc4573..08ce8ac26 100644
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -1,16 +1,13 @@
 #
-# Shorewall - Samba 4 Macro
-#
-# /usr/share/shorewall/macro.ActiveDir
-#
-# This macro handles ports for Samba 4 Active Directory Service
-#
-# You can comment out the ports you do not want open
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
 #
+# This macro handles ports for Samba 4 Active Directory Service.
+# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
+# do not want open.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 389 #LDAP services
 PARAM - - udp 389
 PARAM - - tcp 636 #LDAP SSL
diff --git a/Shorewall/Macros/macro.AllowICMPs b/Shorewall/Macros/macro.AllowICMPs
index febb685bd..4b56bf3dc 100644
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -1,13 +1,10 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
-#
-# This macro ACCEPTs needed ICMP types
+# This macro ACCEPTs needed ICMP types.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?COMMENT Needed ICMP types
diff --git a/Shorewall/Macros/macro.Amanda b/Shorewall/Macros/macro.Amanda
index f0d280d58..c72e67cfc 100644
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -1,15 +1,12 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
 #
-# /usr/share/shorewall/macro.Amanda
-#
-# This macro handles connections required by the AMANDA backup system
-# to back up remote nodes. It does not provide the ability to restore
-# files from those nodes.
+# This macro handles connections required by the AMANDA backup system
+# to back up remote nodes. It does not provide the ability to restore
+# files from those nodes.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
 PARAM - - udp 10080 { helper=amanda }
diff --git a/Shorewall/Macros/macro.Auth b/Shorewall/Macros/macro.Auth
index 4d9a92674..ad7bfeb2c 100644
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -1,11 +1,9 @@
 #
-# Shorewall - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
 #
-# /usr/share/shorewall/macro.Auth
-#
-# This macro handles Auth (identd) traffic.
+# This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 113
diff --git a/Shorewall/Macros/macro.BGP b/Shorewall/Macros/macro.BGP
index b3ad3b6e8..552ed5d98 100644
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -1,11 +1,9 @@
 #
-# Shorewall - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
 #
-# /usr/share/shorewall/macro.BGP
-#
-# This macro handles BGP4 traffic.
+# This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 179 # BGP4
diff --git a/Shorewall/Macros/macro.BLACKLIST b/Shorewall/Macros/macro.BLACKLIST
index 48364c089..9c45d98f0 100644
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@@ -1,13 +1,11 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall -- /usr/share/shorewall/macro.blacklist
 #
-# /usr/share/shorewall/macro.blacklist
-#
-# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else
diff --git a/Shorewall/Macros/macro.BitTorrent b/Shorewall/Macros/macro.BitTorrent
index 815bd2781..f68c78b6d 100644
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
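Review bot: The new title line `+# Shorewall -- /usr/share/shorewall/macro.blacklist` in the macro.BLACKLIST hunk names the file in lowercase while the file being patched is `Shorewall/Macros/macro.BLACKLIST`, so on a case-sensitive install the documented path does not exist. The lowercase name was carried over from the old header, and unless the installer renames the file on the way to /usr/share it should be `# Shorewall -- /usr/share/shorewall/macro.BLACKLIST`. The `?if`/`?else` body continues past the end of the hunk.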
@@ -1,19 +1,16 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
 #
-# /usr/share/shorewall/macro.BitTorrent
+# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
-# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
-#
-# If you are running BitTorrent 3.2 or later, you should use the
-# BitTorrent32 macro.
+# If you are running BitTorrent 3.2 or later, you should use the
+# BitTorrent32 macro.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 # PARAM - - udp 6881
-#
diff --git a/Shorewall/Macros/macro.BitTorrent32 b/Shorewall/Macros/macro.BitTorrent32
index 94bd8fcda..c75de2120 100644
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -1,16 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
 #
-# /usr/share/shorewall/macro.BitTorrent32
-#
-# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
+# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 # PARAM - - udp 6881
-#
diff --git a/Shorewall/Macros/macro.CVS b/Shorewall/Macros/macro.CVS
index 63d4f596a..33c55b7dd 100644
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -1,11 +1,9 @@
 #
-# Shorewall - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
 #
-# /usr/share/shorewall/macro.CVS
-#
-# This macro handles connections to the CVS pserver.
+# This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 2401
diff --git a/Shorewall/Macros/macro.Citrix b/Shorewall/Macros/macro.Citrix
index 8e6c9b3ef..2c75e85fd 100644
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -1,14 +1,12 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
 #
-# /usr/share/shorewall/macro.Citrix
-#
-# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-# ICA Session Reliability)
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
+# ICA Session Reliability)
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 1494 # ICA
 PARAM - - udp 1604 # ICA Browser
 PARAM - - tcp 2598 # CGP Session Reliabilty
diff --git a/Shorewall/Macros/macro.DAAP b/Shorewall/Macros/macro.DAAP
index e17c2f48b..38f4c1b92 100644
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -1,13 +1,11 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
 #
-# /usr/share/shorewall/macro.DAAP
-#
-# This macro handles DAAP (Digital Audio Access Protocol) traffic.
-# The protocol is used by iTunes, Rythmbox and other similar daemons.
+# This macro handles DAAP (Digital Audio Access Protocol) traffic.
+# The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3689
 PARAM - - udp 3689
diff --git a/Shorewall/Macros/macro.DCC b/Shorewall/Macros/macro.DCC
index 470785e5d..fc414911d 100644
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -1,12 +1,10 @@
 #
-# Shorewall - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
 #
-# /usr/share/shorewall/macro.DCC
-#
-# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-# DCC is a distributed spam filtering mechanism.
+# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
+# DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 6277
diff --git a/Shorewall/Macros/macro.DHCPfwd b/Shorewall/Macros/macro.DHCPfwd
index 62b194fdd..e363f19c5 100644
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@@ -1,12 +1,10 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
 #
-# /usr/share/shorewall/macro.DHCPfwd
-#
-# This macro (bidirectional) handles forwarded DHCP traffic
+# This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 67:68 67:68 # DHCP
 PARAM DEST SOURCE udp 67:68 67:68 # DHCP
diff --git a/Shorewall/Macros/macro.DNS b/Shorewall/Macros/macro.DNS
index defd35e61..e89f7157c 100644
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -1,12 +1,10 @@
 #
-# Shorewall - DNS Macro
+# Shorewall -- /usr/share/shorewall/macro.DNS
 #
-# /usr/share/shorewall/macro.DNS
-#
-# This macro handles DNS traffic.
+# This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 53
 PARAM - - tcp 53
diff --git a/Shorewall/Macros/macro.Distcc b/Shorewall/Macros/macro.Distcc
index 6f930c7c6..26099a499 100644
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -1,11 +1,9 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
 #
-# /usr/share/shorewall/macro.Distcc
-#
-# This macro handles connections to the Distributed Compiler service.
+# This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3632
diff --git a/Shorewall/Macros/macro.Drop b/Shorewall/Macros/macro.Drop
index af5053706..c45b69ad4 100644
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -1,18 +1,15 @@
 #
-# Shorewall - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
 #
-# /usr/share/shorewall/macro.Drop
+# This macro generates the same rules as the Drop default action
+# It is used in place of action.Drop when USE_ACTIONS=No.
 #
-# This macro generates the same rules as the Drop default action
-# It is used in place of action.Drop when USE_ACTIONS=No.
+# Example:
 #
-# Example:
-#
-# Drop net all
+# Drop net all
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 #
 # Don't log 'auth' DROP
 #
diff --git a/Shorewall/Macros/macro.DropDNSrep b/Shorewall/Macros/macro.DropDNSrep
index c242a42f7..837ad060b 100644
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -1,13 +1,10 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
-# /usr/share/shorewall/macro.DropDNSrep
-#
-# This macro silently drops DNS UDP replies
+# This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?COMMENT Late DNS Replies
diff --git a/Shorewall/Macros/macro.DropUPnP b/Shorewall/Macros/macro.DropUPnP
index 70b21acb5..36777abf8 100644
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -1,13 +1,10 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
 #
-# /usr/share/shorewall/macro.DropUPnP
-#
-# This macro silently drops UPnP probes on UDP port 1900
+# This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?COMMENT UPnP
diff --git a/Shorewall/Macros/macro.Edonkey b/Shorewall/Macros/macro.Edonkey
index 4f6fbe3a9..34ed32634 100644
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -1,34 +1,31 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
 #
-# /usr/share/shorewall/macro.Edonkey
+# This macro handles Edonkey traffic.
 #
-# This macro handles Edonkey traffic.
+# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+# says to use udp 5737 rather than 4665.
 #
+# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-# says to use udp 5737 rather than 4665.
+# 4661 TCP (outgoing) Port, on which a server listens for connection
+# (defined by server).
 #
-# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
+# 4665 UDP (outgoing) used for global server searches and global source
+# queries. This is always Server TCP port (in this case 4661) + 4.
 #
-# 4661 TCP (outgoing) Port, on which a server listens for connection
-# (defined by server).
+# 4662 TCP (outgoing and incoming) Client to client transfers.
 #
-# 4665 UDP (outgoing) used for global server searches and global source
-# queries. This is always Server TCP port (in this case 4661) + 4.
+# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+# Rating, File Reask Ping
 #
-# 4662 TCP (outgoing and incoming) Client to client transfers.
+# 4711 TCP WebServer listening port.
 #
-# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-# Rating, File Reask Ping
-#
-# 4711 TCP WebServer listening port.
-#
-# 4712 TCP External Connection port. Used to communicate aMule with other
-# applications such as aMule WebServer or aMuleCMD.
+# 4712 TCP External Connection port. Used to communicate aMule with other
+# applications such as aMule WebServer or aMuleCMD.
#
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 4662
 PARAM - - udp 4665
diff --git a/Shorewall/Macros/macro.FTP b/Shorewall/Macros/macro.FTP
index 1bbcabf08..beda60025 100644
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -1,13 +1,11 @@
 #
-# Shorewall - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
 #
-# /usr/share/shorewall/macro.FTP
-#
-# This macro handles FTP traffic.
+# This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
 PARAM - - tcp 21 { helper=ftp }
 ?else
diff --git a/Shorewall/Macros/macro.Finger b/Shorewall/Macros/macro.Finger
index 9c47bbcbf..e56b608e5 100644
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -1,12 +1,10 @@
 #
-# Shorewall - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
-#
-# This macro handles Finger protocol. You should not generally open
-# your finger information to internet.
+# This macro handles Finger protocol.
+# You should not generally open your finger information to internet.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 79
diff --git a/Shorewall/Macros/macro.GNUnet b/Shorewall/Macros/macro.GNUnet
index e55c84591..18308de30 100644
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -1,13 +1,11 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
 #
-# /usr/share/shorewall/macro.GNUnet
-#
-# This macro handles GNUnet (secure peer-to-peer networking) traffic.
+# This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 2086
 PARAM - - udp 2086
 PARAM - - tcp 1080
diff --git a/Shorewall/Macros/macro.GRE b/Shorewall/Macros/macro.GRE
index bbf24ed13..5515a7be6 100644
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -1,13 +1,10 @@
 #
-# Shorewall - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
-#
-# This macro (bi-directional) handles Generic Routing Encapsulation
-# traffic (RFC 1701)
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - 47 # GRE
 PARAM DEST SOURCE 47 # GRE
diff --git a/Shorewall/Macros/macro.Git b/Shorewall/Macros/macro.Git
index 45fc4af86..84df68448 100644
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -1,11 +1,9 @@
 #
-# Shorewall - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
 #
-# /usr/share/shorewall/macro.Git
-#
-# This macro handles Git traffic.
+# This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 9418
diff --git a/Shorewall/Macros/macro.Gnutella b/Shorewall/Macros/macro.Gnutella
index da323c05c..1497f7c91 100644
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -1,12 +1,10 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall -- /usr/share/shorewall/macro.Gnutella
 #
-# /usr/share/shorewall/macro.Gnutella
-#
-# This macro handles Gnutella traffic.
+# This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 6346
 PARAM - - udp 6346
diff --git a/Shorewall/Macros/macro.Goto-Meeting b/Shorewall/Macros/macro.Goto-Meeting
index 7a92cb124..950d63a27 100644
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@@ -1,12 +1,11 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
 #
-# /usr/share/shorewall/macro.Goto-Meeting
-# by Eric Teeter
-# This macro handles Citrix/Goto Meeting
-# Assumes that ports 80 and 443 are already open
-# If needed, use the macros that open Http and Https to reduce redundancy
-####################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - tcp 8200 # Goto Meeting only needed (TCP outbound)
+# This macro handles Citrix/Goto Meeting.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+PARAM - - tcp 8200 # Goto Meeting only needed outbound
+HTTP
+HTTPS
diff --git a/Shorewall/Macros/macro.HKP b/Shorewall/Macros/macro.HKP
index b9eafa246..fe491991b 100644
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
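Review bot: The added `+HTTP` and `+HTTPS` lines in the macro.Goto-Meeting hunk change what the macro opens, yet the new header says only `# This macro handles Citrix/Goto Meeting.`, while the removed lines stated that ports 80 and 443 were assumed already open and left them to the caller. If those lines are expanded as nested macro invocations carrying the outer PARAM action (presumably; confirm against the macro processor), `Goto-Meeting(ACCEPT)` now also accepts tcp 80 and 443 wherever it is used, which is a widening the header should state, e.g. `# This macro handles Citrix/Goto Meeting. It also invokes the HTTP and HTTPS macros, so tcp 80 and 443 are opened along with tcp 8200.` Dropping `# by Eric Teeter` is likewise a content change rather than a reformat, so keep the attribution unless the project has decided to remove author lines from all macros.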
@@ -1,11 +1,9 @@
 #
-# Shorewall - HKP Macro
+# Shorewall -- /usr/share/shorewall/macro.HKP
 #
-# /usr/share/shorewall/macro.HKP
-#
-# This macro handles OpenPGP HTTP keyserver protocol traffic.
+# This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 11371
diff --git a/Shorewall/Macros/macro.HTTP b/Shorewall/Macros/macro.HTTP
index 1f8d3278a..a83b0a0d8 100644
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTP
 #
-# /usr/share/shorewall/macro.HTTP
-#
-# This macro handles plaintext HTTP (WWW) traffic.
+# This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 80
diff --git a/Shorewall/Macros/macro.HTTPS b/Shorewall/Macros/macro.HTTPS
index 2e7e4653e..256825a66 100644
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTPS
 #
-# /usr/share/shorewall/macro.HTTPS
-#
-# This macro handles HTTPS (WWW over SSL) traffic.
+# This macro handles HTTPS (WWW over TLS) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 443
diff --git a/Shorewall/Macros/macro.ICPV2 b/Shorewall/Macros/macro.ICPV2
index eebc622ec..118055386 100644
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@@ -1,11 +1,9 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall - /usr/share/shorewall/macro.ICPV2
 #
-# /usr/share/shorewall/macro.ICPV2
-#
-# This macro handles Internet Cache Protocol V2 (Squid) traffic
+# This macro handles Internet Cache Protocol V2 (Squid) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 3130
diff --git a/Shorewall/Macros/macro.ICQ b/Shorewall/Macros/macro.ICQ
index 9b8c2efc1..eeb4ba2e2 100644
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -1,11 +1,9 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall -- /usr/share/shorewall/macro.ICQ
 #
-# /usr/share/shorewall/macro.ICQ
-#
-# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
+# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5190
diff --git a/Shorewall/Macros/macro.ILO b/Shorewall/Macros/macro.ILO
index e0a678803..0e6a47790 100644
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
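Review bot: The new title line `+# Shorewall - /usr/share/shorewall/macro.ICPV2` in the macro.ICPV2 hunk uses a single dash where every other header rewritten in this commit uses `--`, leaving this file as the one odd header in the set. Change it to `# Shorewall -- /usr/share/shorewall/macro.ICPV2` so the headers stay uniform.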
@@ -1,15 +1,13 @@
 #
-# Shorewall - ILO Macro
+# Shorewall -- /usr/share/shorewall/macro.ILO
 #
-# /usr/share/shorewall/macro.ILO
-#
-# This macro handles console redirection with HP ILO 2+,
-# Use this macro to open access to your ILO interface from management
-# workstations.
+# This macro handles console redirection with HP ILO 2+,
+# Use this macro to open access to your ILO interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3002 # Raw serial data
 PARAM - - tcp 9300 # Shared Remote Console
 PARAM - - tcp 17988 # Virtual Media
diff --git a/Shorewall/Macros/macro.IMAP b/Shorewall/Macros/macro.IMAP
index 0f58d30cf..87973fac2 100644
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -1,12 +1,10 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAP
 #
-# /usr/share/shorewall/macro.IMAP
-#
-# This macro handles plaintext IMAP traffic. For encrypted IMAP,
-# see macro.IMAPS.
+# This macro handles plaintext and STARTTLS IMAP traffic.
+# For SSL (TLS) IMAP, see macro.IMAPS.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 143
diff --git a/Shorewall/Macros/macro.IMAPS b/Shorewall/Macros/macro.IMAPS
index 5aa455829..d99b17d37 100644
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -1,12 +1,11 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAPS
 #
-# /usr/share/shorewall/macro.IMAPS
-#
-# This macro handles encrypted IMAP traffic. For plaintext IMAP
-# (not recommended), see macro.IMAP.
+# This macro handles SSL (TLS) IMAP traffic.
+# For plaintext (not recommended) and STARTLS (recommended) IMAP see
+# macro.IMAP.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 993
diff --git a/Shorewall/Macros/macro.IPIP b/Shorewall/Macros/macro.IPIP
index 9a04a0819..6c010b18f 100644
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -1,12 +1,10 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPIP
 #
-# /usr/share/shorewall/macro.IPIP
-#
-# This macro (bidirectional) handles IPIP capsulation traffic
+# This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - 94 # IPIP
 PARAM DEST SOURCE 94 # IPIP
diff --git a/Shorewall/Macros/macro.IPMI b/Shorewall/Macros/macro.IPMI
index 631a5d905..9a1326285 100644
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
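Review bot: The new line `+# For plaintext (not recommended) and STARTLS (recommended) IMAP see` in the macro.IMAPS hunk misspells STARTTLS, and the sibling macro.IMAP header rewritten in the previous hunk spells it correctly, so the two cross-references now disagree. It should read `# For plaintext (not recommended) and STARTTLS (recommended) IMAP see`.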
@@ -1,16 +1,15 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall -- /usr/share/shorewall/macro.IPMI
 #
-# /usr/share/shorewall/macro.IPMI
-#
-# This macro handles IPMI console redirection with Asus (AMI),
-# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
-# Use this macro to open access to your IPMI interface from management
-# workstations.
+# This macro handles IPMI console redirection with RMCP protocol.
+# Tested to work with with Asus (AMI),
+# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
+# Use this macro to open access to your IPMI interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 623 # RMCP
 PARAM - - tcp 3668,3669 # Virtual Media, Secure (Dell)
 PARAM - - tcp 5120,5123 # CD, floppy (Asus, Aten)
diff --git a/Shorewall/Macros/macro.IPP b/Shorewall/Macros/macro.IPP
index a83e3a6a8..434e175ee 100644
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -1,11 +1,9 @@
 #
-# Shorewall - IPP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPP
 #
-# /usr/share/shorewall/macro.IPP
-#
-# This macro handles Internet Printing Protocol (IPP).
+# This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 631
diff --git a/Shorewall/Macros/macro.IPPbrd b/Shorewall/Macros/macro.IPPbrd
index 8ef7a80b8..aa9602a75 100644
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
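Review bot: The new line `+# Tested to work with with Asus (AMI),` in the macro.IPMI hunk doubles the word "with"; it should read `# Tested to work with Asus (AMI),`. The rewritten first line now also describes the macro as handling "RMCP protocol", while the only RMCP rule visible in the hunk is the context line `PARAM - - tcp 623 # RMCP`; RMCP and IPMI-over-LAN are normally carried over udp 623 as well, so unless the rest of the file (which continues past the hunk) opens udp 623, the new wording overstates what the macro covers. If no such rule exists, either add one or word the header around the vendor console and virtual-media ports the file actually lists.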
@@ -1,13 +1,11 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPbrd
 #
-# /usr/share/shorewall/macro.IPPbrd
-#
-# This macro handles Internet Printing Protocol (IPP) broadcasts.
-# If you also need to handle TCP 631 connections in the opposite
-# direction, use the IPPserver Macro
+# This macro handles Internet Printing Protocol (IPP) broadcasts.
+# If you also need to handle TCP 631 connections in the opposite
+# direction, use the IPPserver Macro
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 631
diff --git a/Shorewall/Macros/macro.IPPserver b/Shorewall/Macros/macro.IPPserver
index 37a8485ae..595bac669 100644
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,29 +1,28 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPserver
 #
-# /usr/share/shorewall/macro.IPPserver
+# This macro handles Internet Printing Protocol (IPP), indicating
+# that DEST is a printing server for SOURCE. The macro allows
+# print queue broadcasts from the server to the client, and
+# printing connections from the client to the server.
 #
-# This macro handles Internet Printing Protocol (IPP), indicating
-# that DEST is a printing server for SOURCE. The macro allows
-# print queue broadcasts from the server to the client, and
-# printing connections from the client to the server.
+# Example usage on a single-interface firewall which is a print client:
 #
-# Example usage on a single-interface firewall which is a print
-# client:
-# IPPserver/ACCEPT $FW net
+# IPPserver(ACCEPT) $FW net
 #
-# Example for a two-interface firewall which acts as a print
-# server for loc:
-# IPPserver/ACCEPT loc $FW
+# Example for a two-interface firewall which acts as a print server for loc:
 #
-# NOTE: If you want both to serve requests for local printers and
-# listen to requests for remote printers (i.e. your CUPS server is
-# also a client), you need to apply the rule twice, e.g.
-# IPPserver/ACCEPT loc $FW
-# IPPserver/ACCEPT $FW loc
+# IPPserver(ACCEPT) loc $FW
+#
+# NOTE: If you want both to serve requests for local printers and listen to
+# requests for remote printers (i.e. your CUPS server is also a client),
+# you need to apply the rule twice, e.g.
+#
+# IPPserver(ACCEPT) loc $FW
+# IPPserver(ACCEPT) $FW loc
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM SOURCE DEST tcp 631
 PARAM DEST SOURCE udp 631
diff --git a/Shorewall/Macros/macro.IPsec b/Shorewall/Macros/macro.IPsec
index 31a10fc49..84d135800 100644
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsec
 #
-# /usr/share/shorewall/macro.IPsec
-#
-# This macro (bidirectional) handles IPsec traffic
+# This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 500 500 # IKE
 PARAM - - 50 # ESP
 PARAM DEST SOURCE udp 500 500 # IKE
diff --git a/Shorewall/Macros/macro.IPsecah b/Shorewall/Macros/macro.IPsecah
index 22a05e74b..475a3f4a7 100644
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -1,14 +1,12 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecah
 #
-# /usr/share/shorewall/macro.IPsecah
-#
-# This macro (bidirectional) handles IPsec authentication (AH) traffic.
-# This is insecure. You should use ESP with encryption for security.
+# This macro (bidirectional) handles IPsec authentication (AH) traffic.
+# This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 500 500 # IKE
 PARAM - - 51 # AH
 PARAM DEST SOURCE udp 500 500 # IKE
diff --git a/Shorewall/Macros/macro.IPsecnat b/Shorewall/Macros/macro.IPsecnat
index 70bcfca2b..e351deaa6 100644
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecnat
 #
-# /usr/share/shorewall/macro.IPsecnat
-#
-# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
+# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 500 # IKE
 PARAM - - udp 4500 # NAT-T
 PARAM - - 50 # ESP
diff --git a/Shorewall/Macros/macro.IRC b/Shorewall/Macros/macro.IRC
index 637d51c69..f31b6f9ce 100644
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -1,13 +1,10 @@
 #
-# Shorewall IRC Macro
+# Shorewall -- /usr/share/shorewall/macro.IRC
 #
-# /usr/share/shorewall/macro.IRC
-#
-# This macro handles IRC traffic (Internet Relay Chat).
+# This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER )
 PARAM - - tcp 6667 { helper=irc }
diff --git a/Shorewall/Macros/macro.JAP b/Shorewall/Macros/macro.JAP
index ee7826b8c..a46c955cb 100644
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -1,17 +1,14 @@
 #
-# Shorewall - JAP Macro
+# Shorewall -- /usr/share/shorewall/macro.JAP
 #
-# /usr/share/shorewall/macro.JAP
-#
-# This macro handles JAP Anon Proxy traffic. This macro is for
-# administrators running a Mix server. It is NOT for people trying
-# to browse anonymously!
+# This macro handles JAP Anon Proxy Mix server traffic.
+# It is NOT for people trying to browse anonymously!
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 8080 # HTTP port
 PARAM - - tcp 6544 # HTTP port
 PARAM - - tcp 6543 # InfoService port
-HTTPS(PARAM)
-SSH(PARAM)
+HTTPS
+SSH
diff --git a/Shorewall/Macros/macro.Jabber b/Shorewall/Macros/macro.Jabber
index 69103e123..6cfda9d91 100644
--- a/Shorewall/Macros/macro.Jabber
+++ b/Shorewall/Macros/macro.Jabber
@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall -- /usr/share/shorewall/macro.Jabber
 #
-# /usr/share/shorewall/macro.Jabber
-#
-# This macro accepts Jabber traffic.
+# This macro handles Jabber traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5222
diff --git a/Shorewall/Macros/macro.JabberPlain b/Shorewall/Macros/macro.JabberPlain
index 47f7780a8..8ae6ed306 100644
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
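Review bot: The JAP hunk replaces `HTTPS(PARAM)` / `SSH(PARAM)` with bare `HTTPS` / `SSH`, so the nested macros are now invoked without an explicit action parameter. If the Shorewall release this targets does not make a parameterless nested invocation inherit the enclosing macro's PARAM, these two rules would no longer carry the caller's action (a `JAP(DROP)` would not drop on 443/22); this is worth confirming against the macro-nesting rules before merging, as the same pattern is introduced in the Mail, NTPbi and PPtP hunks. If inheritance is guaranteed, a one-line comment above the first such line, `# nested macros with no parameter inherit PARAM from the caller`, would spare the next reader the same question.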
@@ -1,12 +1,9 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberPlain
 #
-# /usr/share/shorewall/macro.JabberPlain
-#
-# This macro accepts Jabber traffic (plaintext). This macro is
-# deprecated - use of macro.Jabber instead is recommended.
+# This macro is deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 Jabber
diff --git a/Shorewall/Macros/macro.JabberSecure b/Shorewall/Macros/macro.JabberSecure
index 036d4e53c..6c3be3eff 100644
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -1,13 +1,9 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberSecure
 #
-# /usr/share/shorewall/macro.JabberSecure
-#
-# This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
-# is deprecated, please configure Jabber with STARTTLS and use
-# Jabber macro instead.
+# This macro handles deprecated Jabber (SSL) traffic. Use STARTTLS instead.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5223
diff --git a/Shorewall/Macros/macro.Jabberd b/Shorewall/Macros/macro.Jabberd
index 2e13c4cb5..7a6471a70 100644
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall -- /usr/share/shorewall/macro.Jabberd
 #
-# /usr/share/shorewall/macro.Jabberd
-#
-# This macro accepts Jabberd intercommunication traffic
+# This macro handles Jabberd intercommunication traffic
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5269
diff --git a/Shorewall/Macros/macro.Jetdirect b/Shorewall/Macros/macro.Jetdirect
index 24a662aac..da63c9a97 100644
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -1,11 +1,9 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall -- /usr/share/shorewall/macro.Jetdirect
 #
-# /usr/share/shorewall/macro.Jetdirect
-#
-# This macro handles HP Jetdirect printing.
+# This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 9100
diff --git a/Shorewall/Macros/macro.Kerberos b/Shorewall/Macros/macro.Kerberos
index ff70d1ba9..18fe40939 100644
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@@ -1,12 +1,10 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall -- /usr/share/shorewall/macro.Kerberos
 #
-# /usr/share/shorewall/macro.Kerberos
-#
-# This macro handles Kerberos traffic.
+# This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 88
 PARAM - - udp 88
diff --git a/Shorewall/Macros/macro.L2TP b/Shorewall/Macros/macro.L2TP
index 28765fecd..5fe351316 100644
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -1,13 +1,11 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall -- /usr/share/shorewall/macro.L2TP
 #
-# /usr/share/shorewall/macro.L2TP
-#
-# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
-# (RFC 2661)
+# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic.
+# (RFC 2661)
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 1701 # L2TP
 PARAM DEST SOURCE udp 1701 # L2TP
diff --git a/Shorewall/Macros/macro.LDAP b/Shorewall/Macros/macro.LDAP
index 48aa5dd96..366160cb4 100644
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAP
 #
-# /usr/share/shorewall/macro.LDAP
-#
-# This macro handles plaintext LDAP traffic. For encrypted LDAP
-# traffic, see macro.LDAPS. Use of LDAPS is recommended (and is
-# required by some directory services) if you want to do user
-# authentication over LDAP. Note that some LDAP implementations
-# support initiating TLS connections via the plaintext LDAP port.
-# Consult your LDAP server documentation for details.
+# This macro handles plaintext LDAP traffic. For encrypted LDAP
+# traffic, see macro.LDAPS. Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP. Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 389
diff --git a/Shorewall/Macros/macro.LDAPS b/Shorewall/Macros/macro.LDAPS
index 2060e398a..fccd5ccd4 100644
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAPS
 #
-# /usr/share/shorewall/macro.LDAPS
-#
-# This macro handles encrypted LDAP traffic. For plaintext LDAP
-# traffic, see macro.LDAP. Use of LDAPS is recommended (and is
-# required by some directory services) if you want to do user
-# authentication over LDAP. Note that some LDAP implementations
-# support initiating TLS connections via the plaintext LDAP port.
-# Consult your LDAP server documentation for details.
+# This macro handles encrypted LDAP traffic. For plaintext LDAP
+# traffic, see macro.LDAP. Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP. Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 636
diff --git a/Shorewall/Macros/macro.MSA b/Shorewall/Macros/macro.MSA
new file mode 100644
index 000000000..68216d7ac
--- /dev/null
+++ b/Shorewall/Macros/macro.MSA
@@ -0,0 +1,9 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.MSA
+#
+# This macro handles mail message submission agent (MSA) traffic.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+PARAM - - tcp 587
diff --git a/Shorewall/Macros/macro.MSNP b/Shorewall/Macros/macro.MSNP
index bb9a3e637..59973fa92 100644
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@@ -1,11 +1,9 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall - /usr/share/shorewall/macro.MSNP
 #
-# /usr/share/shorewall/macro.MSNP
-#
-# This macro handles MSNP (MicroSoft Notification Protocol)
+# This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 1863
diff --git a/Shorewall/Macros/macro.MSSQL b/Shorewall/Macros/macro.MSSQL
index 700ee80d2..eb31ee5ec 100644
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@@ -1,12 +1,10 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MSSQL
 #
-# /usr/share/shorewall/macro.MSSQL
-#
-# This macro handles MSSQL (Microsoft SQL Server)
+# This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 1433
 PARAM - - udp 1434
diff --git a/Shorewall/Macros/macro.Mail b/Shorewall/Macros/macro.Mail
index c3f39e6a8..4a4994da9 100644
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
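Review bot: The new MSNP header line `+# Shorewall - /usr/share/shorewall/macro.MSNP` uses a single dash, while every other header rewritten in this commit uses the form `# Shorewall -- /usr/share/shorewall/...`; change it to `# Shorewall -- /usr/share/shorewall/macro.MSNP` so the banner is uniform across the macro set. The rule line is unchanged context.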
@@ -1,19 +1,17 @@
 #
-# Shorewall - Mail Macro
+# Shorewall -- /usr/share/shorewall/macro.Mail
 #
-# /usr/share/shorewall/macro.Mail
+# This macro handles SMTP (email secure and insecure) traffic.
+# It's the aggregate of macro.SMTP, macro.SMTPS, macro.MSA.
 #
-# This macro handles SMTP (email secure and insecure) traffic.
-# It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
-#
-# Note: This macro handles traffic between an MUA (Email client)
-# and an MTA (mail server) or between MTAs. It does not enable
-# reading of email via POP3 or IMAP. For those you need to use
-# the POP3 or IMAP macros.
+# Note: This macro handles traffic between an MUA (Email client)
+# and an MTA (mail server) or between MTAs. It does not enable
+# reading of email via POP3 or IMAP. For those you need to use
+# the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - tcp 25
-PARAM - - tcp 465
-PARAM - - tcp 587
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+SMTP
+SMTPS
+MSA
diff --git a/Shorewall/Macros/macro.MongoDB b/Shorewall/Macros/macro.MongoDB
index a34a5dc7b..69bb90cc3 100644
--- a/Shorewall/Macros/macro.MongoDB
+++ b/Shorewall/Macros/macro.MongoDB
@@ -1,11 +1,9 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall -- /usr/share/shorewall/macro.MongoDB
 #
-# /usr/share/shorewall/macro.MongoDB
-#
-# This macro handles MongoDB Daemon/Router traffic.
+# This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 27017
diff --git a/Shorewall/Macros/macro.Munin b/Shorewall/Macros/macro.Munin
index afa926400..957cff767 100644
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@@ -1,11 +1,9 @@
 #
-# Shorewall - Munin Macro
+# Shorewall -- /usr/share/shorewall/macro.Munin
 #
-# /usr/share/shorewall/macro.Munin
-#
-# This macro handles Munin networked resource monitoring traffic
+# This macro handles Munin networked resource monitoring traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 4949
diff --git a/Shorewall/Macros/macro.MySQL b/Shorewall/Macros/macro.MySQL
index b308c945b..d4ebf6981 100644
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -1,11 +1,9 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MySQL
 #
-# /usr/share/shorewall/macro.MySQL
-#
-# This macro handles connections to the MySQL server.
+# This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3306
diff --git a/Shorewall/Macros/macro.NNTP b/Shorewall/Macros/macro.NNTP
index 2a2d1cc4c..d6076bdb0 100644
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -1,12 +1,10 @@
 #
-# Shorewall NNTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTP
 #
-# /usr/share/shorewall/macro.NNTP
-#
-# This macro handles plaintext NNTP traffic (Usenet). For
-# encrypted NNTP, see macro.NNTPS.
+# This macro handles plaintext NNTP traffic (Usenet).
+# For encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 119
diff --git a/Shorewall/Macros/macro.NNTPS b/Shorewall/Macros/macro.NNTPS
index 834f3f140..5e57cb5b9 100644
--- a/Shorewall/Macros/macro.NNTPS
+++ b/Shorewall/Macros/macro.NNTPS
@@ -1,12 +1,10 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTPS
 #
-# /usr/share/shorewall/macro.NNTPS
-#
-# This macro handles encrypted NNTP traffic (Usenet). For
-# plaintext NNTP, see macro.NNTP.
+# This macro handles encrypted NNTP traffic (Usenet).
+# For plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 563
diff --git a/Shorewall/Macros/macro.NTP b/Shorewall/Macros/macro.NTP
index 19299664d..22566bc5d 100644
--- a/Shorewall/Macros/macro.NTP
+++ b/Shorewall/Macros/macro.NTP
@@ -1,12 +1,10 @@
 #
-# Shorewall - NTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NTP
 #
-# /usr/share/shorewall/macro.NTP
-#
-# This macro handles NTP traffic (ntpd).
-# For broadcast NTP traffic, use NTPbrd Macro.
+# This macro handles NTP traffic.
+# For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 123
diff --git a/Shorewall/Macros/macro.NTPbi b/Shorewall/Macros/macro.NTPbi
index fe5f2e534..139dbd372 100644
--- a/Shorewall/Macros/macro.NTPbi
+++ b/Shorewall/Macros/macro.NTPbi
@@ -1,12 +1,10 @@
 #
-# Shorewall - NTPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbi
 #
-# /usr/share/shorewall/macro.NTPbi
-#
-# This macro handles bi-directional NTP (for NTP peers)
+# This macro handles bi-directional NTP (for NTP peers).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - udp 123
-PARAM DEST SOURCE udp 123
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+NTP
+NTP DEST SOURCE
diff --git a/Shorewall/Macros/macro.NTPbrd b/Shorewall/Macros/macro.NTPbrd
index 5e2a0b819..4a7a0f4df 100644
--- a/Shorewall/Macros/macro.NTPbrd
+++ b/Shorewall/Macros/macro.NTPbrd
@@ -1,17 +1,14 @@
 #
-# Shorewall - NTPbrd Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbrd
 #
-# /usr/share/shorewall/macro.NTPbrd
+# This macro handles NTP traffic including replies to Broadcast NTP traffic.
 #
-# This macro handles NTP traffic (ntpd) including replies to Broadcast
-# NTP traffic.
-#
-# It is recommended only to use this where the source host is trusted -
-# otherwise it opens up a large hole in your firewall because
-# Netfilter doesn't track connections for broadcast traffic.
+# It is recommended only to use this where the source host is trusted -
+# otherwise it opens up a large hole in your firewall because
+# Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - udp 123
-PARAM - - udp 1024: 123
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+PARAM - - udp 123
+PARAM - - udp 1024: 123
diff --git a/Shorewall/Macros/macro.OSPF b/Shorewall/Macros/macro.OSPF
index 036159051..efbb21d1c 100644
--- a/Shorewall/Macros/macro.OSPF
+++ b/Shorewall/Macros/macro.OSPF
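Review bot: The NTPbrd hunk re-emits `+PARAM - - udp 1024: 123`, a rule that matches on source port 123 alone with any destination port at or above 1024, which is the "large hole" the header comment warns about but never ties to a specific line; a comment directly above it would make the warning actionable: `# matches any DPORT >= 1024 keyed only on SPORT 123 -- only for trusted sources`. The rule itself is unchanged from the old side apart from spacing. In the NTPbi hunk, `+NTP` and `+NTP DEST SOURCE` replace the two explicit udp/123 rules; the second line's reversed SOURCE/DEST columns appear to reproduce the old `PARAM DEST SOURCE udp 123`, assuming macro.NTP (rewritten on the preceding line) still emits a single udp/123 rule.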
@@ -1,11 +1,9 @@
 #
-# Shorewall - OSPF Macro
+# Shorewall -- /usr/share/shorewall/macro.OSPF
 #
-# /usr/share/shorewall/macro.OSPF
-#
-# This macro handles OSPF multicast traffic
+# This macro handles OSPF multicast traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - 89 # OSPF
diff --git a/Shorewall/Macros/macro.OpenVPN b/Shorewall/Macros/macro.OpenVPN
index 266cddc4a..736305899 100644
--- a/Shorewall/Macros/macro.OpenVPN
+++ b/Shorewall/Macros/macro.OpenVPN
@@ -1,11 +1,9 @@
 #
-# Shorewall - OpenVPN Macro
+# Shorewall -- /usr/share/shorewall/macro.OpenVPN
 #
-# /usr/share/shorewall/macro.OpenVPN Macro
-#
-# This macro handles OpenVPN traffic.
+# This macro handles OpenVPN traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 1194
diff --git a/Shorewall/Macros/macro.PCA b/Shorewall/Macros/macro.PCA
index 1ffa330f2..a2415defa 100644
--- a/Shorewall/Macros/macro.PCA
+++ b/Shorewall/Macros/macro.PCA
@@ -1,12 +1,10 @@
 #
-# Shorewall - PCA Macro
+# Shorewall -- /usr/share/shorewall/macro.PCA
 #
-# /usr/share/shorewall/macro.PCA
-#
-# This macro handles PCAnywere (tm)
+# This macro handles PCAnywere (tm) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 5632
 PARAM - - tcp 5631
diff --git a/Shorewall/Macros/macro.POP3 b/Shorewall/Macros/macro.POP3
index da9cc1f5a..cc034832d 100644
--- a/Shorewall/Macros/macro.POP3
+++ b/Shorewall/Macros/macro.POP3
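Review bot: The rewritten PCA description `+# This macro handles PCAnywere (tm) traffic.` carries over the misspelled product name; the product is pcAnywhere, so the line should read `# This macro handles pcAnywhere (tm) traffic.`. The two rule lines are unchanged context, so this is wording only.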
@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3 Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3
 #
-# /usr/share/shorewall/macro.POP3
-#
-# This macro handles plaintext POP3 traffic. For encrypted POP3,
-# see macro.POP3S.
+# This macro handles plaintext POP3 traffic.
+# For encrypted POP3, see macro.POP3S.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 110
diff --git a/Shorewall/Macros/macro.POP3S b/Shorewall/Macros/macro.POP3S
index b2400b815..19f896981 100644
--- a/Shorewall/Macros/macro.POP3S
+++ b/Shorewall/Macros/macro.POP3S
@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3S Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3S
 #
-# /usr/share/shorewall/macro.POP3S
-#
-# This macro handles encrypted POP3 traffic. For plaintext POP3,
-# see macro.POP3.
+# This macro handles encrypted POP3 traffic.
+# For plaintext POP3, see macro.POP3.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 995 # Secure POP3
diff --git a/Shorewall/Macros/macro.PPtP b/Shorewall/Macros/macro.PPtP
index af36be522..5c9f32128 100644
--- a/Shorewall/Macros/macro.PPtP
+++ b/Shorewall/Macros/macro.PPtP
@@ -1,15 +1,12 @@
 #
-# Shorewall - PPTP Macro
+# Shorewall -- /usr/share/shorewall/macro.PPtP Macro
 #
-# /usr/share/shorewall/macro.PPtP Macro
-#
-# This macro handles PPTP traffic.
+# This macro handles PPTP traffic. NOTE: PPTP protocol is insecure.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - 47
-PARAM DEST SOURCE 47
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+GRE
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
 PARAM - - tcp 1723 { helper=pptp }
diff --git a/Shorewall/Macros/macro.Ping b/Shorewall/Macros/macro.Ping
index aa8b1f5f2..cec49bc2f 100644
--- a/Shorewall/Macros/macro.Ping
+++ b/Shorewall/Macros/macro.Ping
@@ -1,11 +1,9 @@
 #
-# Shorewall - Ping Macro
+# Shorewall -- /usr/share/shorewall/macro.Ping
 #
-# /usr/share/shorewall/macro.Ping
-#
-# This macro handles 'ping' requests.
+# This macro handles ICMP 'ping' requests.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - icmp 8
diff --git a/Shorewall/Macros/macro.PostgreSQL b/Shorewall/Macros/macro.PostgreSQL
index 73ea9092d..4927bd509 100644
--- a/Shorewall/Macros/macro.PostgreSQL
+++ b/Shorewall/Macros/macro.PostgreSQL
@@ -1,11 +1,9 @@
 #
-# Shorewall - PostgreSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.PostgreSQL
 #
-# /usr/share/shorewall/macro.PostgreSQL
-#
-# This macro handles connections to the PostgreSQL server.
+# This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5432
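Review bot: The new PPtP header line `+# Shorewall -- /usr/share/shorewall/macro.PPtP Macro` keeps a trailing ` Macro` that no other banner in this commit has (the old second line had the same stray word); it should be `# Shorewall -- /usr/share/shorewall/macro.PPtP`. Separately, the two removed protocol-47 rules covered both directions (`PARAM - - 47` and `PARAM DEST SOURCE 47`) and are replaced by the single invocation `+GRE`, so the macro stays bidirectional only if macro.GRE itself emits both directions; that file is not in this chunk, so it is worth confirming, and a comment such as `# GRE is bidirectional; the PPTP control channel below is client-to-server only` would record the intent. The `?if` block that follows continues past the end of the hunk.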
diff --git a/Shorewall/Macros/macro.Printer b/Shorewall/Macros/macro.Printer
index 9607313ad..ab50e5174 100644
--- a/Shorewall/Macros/macro.Printer
+++ b/Shorewall/Macros/macro.Printer
@@ -1,11 +1,9 @@
 #
-# Shorewall - Printer Macro
+# Shorewall -- /usr/share/shorewall/macro.Printer
 #
-# /usr/share/shorewall/macro.Printer
-#
-# This macro handles Line Printer protocol printing.
+# This macro handles Line Printer protocol printing.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 515
diff --git a/Shorewall/Macros/macro.Puppet b/Shorewall/Macros/macro.Puppet
index 77bb73fad..bcb75818f 100644
--- a/Shorewall/Macros/macro.Puppet
+++ b/Shorewall/Macros/macro.Puppet
@@ -1,12 +1,9 @@
 #
-# Shorewall - Puppet Macro
+# Shorewall -- /usr/share/shorewall/macro.Puppet
 #
-# /usr/share/shorewall/macro.Puppet
-#
-# This macro handles client-to-server for the Puppet configuration
-# management system.
+# This macro handles client-to-server for the Puppet configuration management.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 8140
diff --git a/Shorewall/Macros/macro.QUIC b/Shorewall/Macros/macro.QUIC
index 715c1c7cd..e38f19b6d 100644
--- a/Shorewall/Macros/macro.QUIC
+++ b/Shorewall/Macros/macro.QUIC
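Review bot: The new Puppet description `+# This macro handles client-to-server for the Puppet configuration management.` lost the noun the old two-line version had, so it no longer says what is handled; `# This macro handles client-to-server traffic for the Puppet configuration management system.` restores it. The rule line is unchanged context.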
@@ -1,11 +1,9 @@
 #
-# Shorewall - QUIC Macro
+# Shorewall -- /usr/share/shorewall/macro.QUIC
 #
-# /usr/share/shorewall/macro.QUIC
-#
-# This macro handles QUIC (Quick UDP Internet Connections).
+# This macro handles QUIC (Quick UDP Internet Connections).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 80,443
diff --git a/Shorewall/Macros/macro.RDP b/Shorewall/Macros/macro.RDP
index 0f28f0c46..870f78749 100644
--- a/Shorewall/Macros/macro.RDP
+++ b/Shorewall/Macros/macro.RDP
@@ -1,11 +1,9 @@
 #
-# Shorewall - RDP Macro
+# Shorewall -- /usr/share/shorewall/macro.RDP
 #
-# /usr/share/shorewall/macro.RDP
-#
-# This macro handles Microsoft RDP (Remote Desktop) traffic.
+# This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3389
diff --git a/Shorewall/Macros/macro.RIPbi b/Shorewall/Macros/macro.RIPbi
index 45af3324d..d441bd6c3 100644
--- a/Shorewall/Macros/macro.RIPbi
+++ b/Shorewall/Macros/macro.RIPbi
@@ -1,12 +1,10 @@
 #
-# Shorewall - RIPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.RIPbi
 #
-# /usr/share/shorewall/macro.RIPbi
-#
-# This macro handles RIP (Routing Information Protocol) - bidirectional
+# This macro (bidirectional) handles Routing Information Protocol (RIP).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 520
 PARAM DEST SOURCE udp 520
diff --git a/Shorewall/Macros/macro.RNDC b/Shorewall/Macros/macro.RNDC
index 0362bbc94..cd888588e 100644
--- a/Shorewall/Macros/macro.RNDC
+++ b/Shorewall/Macros/macro.RNDC
@@ -1,11 +1,9 @@
 #
-# Shorewall - RNDC Macro
+# Shorewall -- /usr/share/shorewall/macro.RNDC
 #
-# /usr/share/shorewall/macro.RNDC
-#
-# This macro handles RNDC (BIND remote management protocol) traffic.
+# This macro handles BIND remote management protocol (RNDC) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 953
diff --git a/Shorewall/Macros/macro.Razor b/Shorewall/Macros/macro.Razor
index 726cff994..f3890d421 100644
--- a/Shorewall/Macros/macro.Razor
+++ b/Shorewall/Macros/macro.Razor
@@ -1,11 +1,9 @@
 #
-# Shorewall - Razor Macro
+# Shorewall -- /usr/share/shorewall/macro.Razor
 #
-# /usr/share/shorewall/macro.Razor
-#
-# This macro handles traffic for the Razor Antispam System
+# This macro handles traffic for the Razor Antispam System
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 ACCEPT - - tcp 2703
diff --git a/Shorewall/Macros/macro.Rdate b/Shorewall/Macros/macro.Rdate
index fe83a8bbb..ea6507e64 100644
--- a/Shorewall/Macros/macro.Rdate
+++ b/Shorewall/Macros/macro.Rdate
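Review bot: The surviving Razor rule `ACCEPT - - tcp 2703` hard-codes the action instead of using `PARAM`, so invoking the macro as `Razor(DROP)` or `Razor(REJECT)` still accepts the traffic, while every neighbouring macro in this series substitutes the caller's action. If the literal ACCEPT is intentional, a comment above the rule should say so; otherwise `PARAM - - tcp 2703` matches the rest of the set. This line is context, so the commit leaves it as is.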
@@ -1,15 +1,13 @@
 #
-# Shorewall - Rdate Macro
+# Shorewall -- /usr/share/shorewall/macro.Rdate
 #
-# /usr/share/shorewall/macro.Rdate
-#
-# This macro handles remote time retrieval (rdate).
-# Unless you are supporting extremely old hardware or software,
-# you shouldn't be using this. NTP is a superior alternative.
-# And even if you need to use rfc 868 Time protocol you should
-# use Time macro instead.
+# This macro handles remote time retrieval (rdate).
+# Unless you are supporting extremely old hardware or software,
+# you shouldn't be using this. NTP is a superior alternative.
+# And even if you need to use rfc 868 Time protocol you should
+# use Time macro instead.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 37
diff --git a/Shorewall/Macros/macro.Redis b/Shorewall/Macros/macro.Redis
index 16ca47a2b..8a8d7ffa1 100644
--- a/Shorewall/Macros/macro.Redis
+++ b/Shorewall/Macros/macro.Redis
@@ -1,11 +1,9 @@
 #
-# Shorewall - Redis Macro
+# Shorewall -- /usr/share/shorewall/macro.Redis
 #
-# /usr/share/shorewall/macro.Redis
-#
-# This macro handles Redis traffic.
+# This macro handles Redis traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 6379
diff --git a/Shorewall/Macros/macro.Reject b/Shorewall/Macros/macro.Reject
index cf92ddcf9..abf2473e1 100644
--- a/Shorewall/Macros/macro.Reject
+++ b/Shorewall/Macros/macro.Reject
@@ -1,19 +1,15 @@
 #
-# Shorewall - Reject Macro
+# Shorewall -- /usr/share/shorewall/macro.Reject
 #
-# /usr/share/shorewall/macro.Reject
+# This macro generates the same rules as the Reject default action
+# It is used in place of action.Reject when USE_ACTIONS=No.
 #
-# This macro generates the same rules as the Reject default action
-# It is used in place of action.Reject when USE_ACTIONS=No.
-#
-# Example:
-#
-# Reject loc fw
+# Example:
 #
+# Reject loc fw
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 #
 # Don't log 'auth' REJECT
 #
diff --git a/Shorewall/Macros/macro.Rfc1918 b/Shorewall/Macros/macro.Rfc1918
index 264f7ab28..87aaba1c4 100644
--- a/Shorewall/Macros/macro.Rfc1918
+++ b/Shorewall/Macros/macro.Rfc1918
@@ -1,14 +1,10 @@
 #
-# Shorewall - Macro Template
+# Shorewall -- /usr/share/shorewall/macro.Rfc1918
 #
-# /usr/share/shorewall/macro.Rfc1918
+# This macro handles SOURCE or ORIGDEST address reserved by RFC 1918.
 #
-# This macro handles pkts with a SOURCE or ORIGINAL DEST address
-# reserved by RFC 1918
-#
-#############################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
- DEST
-PARAM SOURCE DEST - - - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+###############################################################################
+#ACTION SOURCE DEST
+
+PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 DEST
+PARAM SOURCE DEST { origdest=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 }
diff --git a/Shorewall/Macros/macro.Rsync b/Shorewall/Macros/macro.Rsync
index 71894b95a..9970b045f 100644
--- a/Shorewall/Macros/macro.Rsync
+++ b/Shorewall/Macros/macro.Rsync
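Review bot: The rewritten Rfc1918 description `# This macro handles SOURCE or ORIGDEST address reserved by RFC 1918.` lost the subject of the old sentence and now reads as if the macro matched a column rather than packets; `# This macro handles packets whose SOURCE or ORIGDEST address is reserved by RFC 1918.` keeps the original meaning. The two rules appear unchanged in effect, the second only moving the original-destination list from the ORIGDEST column into `{ origdest=... }`, the same inline form the `{ helper=... }` rules elsewhere in this series use, so a reader comparing against the old `- - -` column layout will want that said in the header.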
@@ -1,11 +1,9 @@
 #
-# Shorewall - Rsync Macro
+# Shorewall -- /usr/share/shorewall/macro.Rsync
 #
-# /usr/share/shorewall/macro.Rsync
-#
-# This macro handles connections to the rsync server.
+# This macro handles connections to the rsync server.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 873
diff --git a/Shorewall/Macros/macro.SANE b/Shorewall/Macros/macro.SANE
index ee396c432..34ffae3ae 100644
--- a/Shorewall/Macros/macro.SANE
+++ b/Shorewall/Macros/macro.SANE
@@ -1,13 +1,10 @@
 #
-# Shorewall - SANE Macro
+# Shorewall -- /usr/share/shorewall/macro.SANE
 #
-# /usr/share/shorewall/macro.SANE
-#
-# This macro handles SANE network scanning.
+# This macro handles SANE network scanning.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
 PARAM - - tcp 6566 { helper=sane }
@@ -17,7 +14,8 @@
 
 #
 # Kernels 2.6.23+ has nf_conntrack_sane module which will handle
-# sane data connection.
+# sane data connection. If you need these, copy this file to /etc/shorewall
+# and remove comments from one of the entries below.
 #
 # If you don't have sane conntracking support you need to open whole dynamic
 # port range.
diff --git a/Shorewall/Macros/macro.SIP b/Shorewall/Macros/macro.SIP
index 3e17b0e74..cf6d85202 100644
--- a/Shorewall/Macros/macro.SIP
+++ b/Shorewall/Macros/macro.SIP
@@ -1,13 +1,10 @@
 #
-# Shorewall - SIP Macro
+# Shorewall -- /usr/share/shorewall/macro.SIP
 #
-# /usr/share/shorewall/macro.SIP
-#
-# This macro handles SIP traffic.
+# This macro handles SIP traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER )
 PARAM - - udp 5060 { helper=sip }
diff --git a/Shorewall/Macros/macro.SMB b/Shorewall/Macros/macro.SMB
index d433a6b3e..7312331f3 100644
--- a/Shorewall/Macros/macro.SMB
+++ b/Shorewall/Macros/macro.SMB
@@ -1,17 +1,15 @@
 #
-# Shorewall - SMB Macro
+# Shorewall -- /usr/share/shorewall/macro.SMB
 #
-# /usr/share/shorewall/macro.SMB
-#
-# This macro handles Microsoft SMB traffic. You need to invoke
-# this macro in both directions. Beware! This rule opens a lot
-# of ports, and could possibly be used to compromise your firewall
-# if not used with care. You should only allow SMB traffic
-# between hosts you fully trust.
+# This macro handles Microsoft SMB traffic.
+# You need to invoke this macro in both directions.
+# Beware! This rule opens a lot of ports, and could possibly be used to
+# compromise your firewall if not used with care. You should only allow SMB
+# traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 135,445
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
diff --git a/Shorewall/Macros/macro.SMBBI b/Shorewall/Macros/macro.SMBBI
index 8bcf313a5..536697e30 100644
--- a/Shorewall/Macros/macro.SMBBI
+++ b/Shorewall/Macros/macro.SMBBI
@@ -1,36 +1,14 @@
 #
-# Shorewall - SMB Bi-directional Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBBI
 #
-# /usr/share/shorewall/macro.SMBBI
+# This macro (bidirectional) handles Microsoft SMB traffic.
 #
-# This macro (bidirectional) handles Microsoft SMB traffic.
-#
-# Beware! This macro opens a lot of ports, and could possibly be used
-# to compromise your firewall if not used with care. You should only
-# allow SMB traffic between hosts you fully trust.
+# Beware! This macro opens a lot of ports, and could possibly be used
+# to compromise your firewall if not used with care. You should only
+# allow SMB traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - udp 135,445
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
- PARAM - - udp 137 { helper=netbios-ns }
- PARAM - - udp 138:139
-?else
- PARAM - - udp 137:139
-?endif
-
-PARAM - - udp 1024: 137
-PARAM - - tcp 135,139,445
-PARAM DEST SOURCE udp 135,445
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
- PARAM DEST SOURCE udp 137 { helper=netbios-ns }
- PARAM DEST SOURCE udp 138:139
-?else
- PARAM DEST SOURCE udp 137:139
-?endif
-
-PARAM DEST SOURCE udp 1024: 137
-PARAM DEST SOURCE tcp 135,139,445
+SMB
+SMB DEST SOURCE
diff --git a/Shorewall/Macros/macro.SMBswat b/Shorewall/Macros/macro.SMBswat
index 3ae40abeb..101e1f504 100644
--- a/Shorewall/Macros/macro.SMBswat
+++ b/Shorewall/Macros/macro.SMBswat
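Review bot: `SMB` / `SMB DEST SOURCE` now stand in for the twenty-odd explicit rules removed here, including `PARAM - - udp 1024: 137` and `PARAM - - tcp 135,139,445` in each direction, yet only the first rule of macro.SMB and the start of its netbios-ns helper branch are visible in this diff; please confirm that file still emits the full set (helper branch, the 1024: source-port rule and the tcp ports) before the bidirectional variant relies on it, and that the invoking action is passed through to a nested macro. A one-line comment above the two calls, `# Both directions delegate to macro.SMB; the port list lives there.`, tells the next maintainer where the rules went. The Beware warning is kept, which matters since this is the macro that opens the widest port set.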
@@ -1,12 +1,9 @@
 #
-# Shorewall - SMBswat Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBswat
 #
-# /usr/share/shorewall/macro.SMBswat
-#
-# This macro handles connections to the Samba Web Administration Tool
-# (SWAT).
+# This macro handles connections to the Samba Web Administration Tool (SWAT).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 901
diff --git a/Shorewall/Macros/macro.SMTP b/Shorewall/Macros/macro.SMTP
index f8a20336d..ad302acc4 100644
--- a/Shorewall/Macros/macro.SMTP
+++ b/Shorewall/Macros/macro.SMTP
@@ -1,19 +1,12 @@
 #
-# Shorewall - SMTP Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTP
 #
-# /usr/share/shorewall/macro.SMTP
-#
-# This macro handles plaintext SMTP (email) traffic. For SMTP
-# encrypted over SSL, use macro.SMTPS. Note that STARTTLS can be
-# used over the standard STMP port, so the use of this macro
-# doesn't necessarily imply the use of an insecure connection.
-#
-# Note: This macro handles traffic between an MUA (Email client)
-# and an MTA (mail server) or between MTAs. It does not enable
-# reading of email via POP3 or IMAP. For those you need to use
-# the POP3 or IMAP macros.
+# This macro handles SMTP (email) traffic.
+# For deprecated SMTP encrypted over SSL (TLS), use macro.SMTPS.
+# Note that STARTTLS can be used over the standard STMP port, so the use of
+# this macro doesn't necessarily imply the use of an insecure connection.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 25
diff --git a/Shorewall/Macros/macro.SMTPS b/Shorewall/Macros/macro.SMTPS
index b0791b254..36c3215d1 100644
--- a/Shorewall/Macros/macro.SMTPS
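Review bot: The added SMTP line `# Note that STARTTLS can be used over the standard STMP port, so the use of` carries the `STMP` typo over from the removed text; it should read `SMTP`. The same hunk labels port-465 SMTPS `deprecated`, and the macro.SMTPS hunk on the next line calls it `legacy` with `You should configure SMTP STARTTLS instead`; RFC 8314 recommends implicit TLS on 465 for mail submission, so a neutral `# For SMTP with implicit TLS on port 465, use macro.SMTPS.` avoids steering users away from the more robust option. The removed orientation note (MUA/MTA traffic only, use the POP3/IMAP macros for mailbox access) was useful and could be kept as a single line.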
+++ b/Shorewall/Macros/macro.SMTPS
@@ -1,16 +1,10 @@
 #
-# Shorewall - SMTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTPS
 #
-# /usr/share/shorewall/macro.SMTPS
-#
-# This macro handles encrypted SMTPS (email) traffic.
-#
-# Note: This macro handles traffic between an MUA (Email client)
-# and an MTA (mail server) or between MTAs. It does not enable
-# reading of email via POP3 or IMAP. For those you need to use
-# the POP3(S) or IMAP(S) macros.
+# This macro handles legacy SMTP over SSL (TLS) traffic.
+# You should configure SMTP STARTTLS instead.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 465
diff --git a/Shorewall/Macros/macro.SNMP b/Shorewall/Macros/macro.SNMP
index 85653651c..8749c852f 100644
--- a/Shorewall/Macros/macro.SNMP
+++ b/Shorewall/Macros/macro.SNMP
@@ -1,15 +1,11 @@
 #
-# Shorewall - SNMP Macro
+# Shorewall -- /usr/share/shorewall/macro.SNMP
 #
-# /usr/share/shorewall/macro.SNMP
-#
-# This macro handles SNMP traffic.
-#
-# Note: To allow SNMP Traps, use the SNMPTrap macro
+# This macro handles SNMP traffic.
+# Note: To allow SNMP Traps, use the SNMPTrap macro.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER )
 PARAM - - udp 161 { helper=snmp }
diff --git a/Shorewall/Macros/macro.SNMPTrap b/Shorewall/Macros/macro.SNMPTrap
index 2023ed3bc..83cce5b52 100644
--- a/Shorewall/Macros/macro.SNMPTrap
+++ b/Shorewall/Macros/macro.SNMPTrap
@@ -1,11 +1,9 @@
 #
-# Shorewall - SNMP Trap Macro
+# Shorewall - /usr/share/shorewall/macro.SNMPtrap
 #
-# /usr/share/shorewall/macro.SNMPtrap
-#
-# This macro handles SNMP traps.
+# This macro handles SNMP traps.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 162
diff --git a/Shorewall/Macros/macro.SPAMD b/Shorewall/Macros/macro.SPAMD
index b34c1ca07..dd779ff60 100644
--- a/Shorewall/Macros/macro.SPAMD
+++ b/Shorewall/Macros/macro.SPAMD
@@ -1,11 +1,9 @@
 #
-# Shorewall - SPAMD Macro
+# Shorewall -- /usr/share/shorewall/macro.SPAMD
 #
-# /usr/share/shorewall/macro.SPAMD
-#
-# This macro handles Spam Assassin SPAMD traffic.
+# This macro handles SpamAssassin SPAMD traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 783
diff --git a/Shorewall/Macros/macro.SSH b/Shorewall/Macros/macro.SSH
index ff888c19b..161d283d0 100644
--- a/Shorewall/Macros/macro.SSH
+++ b/Shorewall/Macros/macro.SSH
@@ -1,11 +1,9 @@
 #
-# Shorewall - SSH Macro
+# Shorewall -- /usr/share/shorewall/macro.SSH
 #
-# /usr/share/shorewall/macro.SSH
-#
-# This macro handles secure shell (SSH) traffic.
+# This macro handles secure shell (SSH) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 22
diff --git a/Shorewall/Macros/macro.SVN b/Shorewall/Macros/macro.SVN
index 1bf7d795f..0489f9261 100644
--- a/Shorewall/Macros/macro.SVN
+++ b/Shorewall/Macros/macro.SVN
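Review bot: The new SNMPTrap title `# Shorewall - /usr/share/shorewall/macro.SNMPtrap` uses a single dash where every other file in this series gets `--`, and names the file `macro.SNMPtrap` while the patched path is `Shorewall/Macros/macro.SNMPTrap`; on a case-sensitive filesystem the documented path does not exist. The same case mismatch is introduced in the macro.Webcache hunk further down, whose title says `macro.WebCache`. Suggested line here: `# Shorewall -- /usr/share/shorewall/macro.SNMPTrap`.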
@@ -1,12 +1,9 @@
 #
-# Shorewall - SVN Macro
-#
-# /usr/share/shorewall/macro.SVN
-#
-# This macro handles connections to the Subversion server (svnserve).
+# Shorewall -- /usr/share/shorewall/macro.SVN
 #
+# This macro handles connections to the Subversion server (svnserve).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3690
diff --git a/Shorewall/Macros/macro.Sieve b/Shorewall/Macros/macro.Sieve
index 39e865ccf..1fef9add2 100644
--- a/Shorewall/Macros/macro.Sieve
+++ b/Shorewall/Macros/macro.Sieve
@@ -1,11 +1,9 @@
 #
-# Shorewall - Sieve Macro
+# Shorewall -- /usr/share/shorewall/macro.Sieve
 #
-# /usr/share/shorewall/macro.Sieve
-#
-# This macro handles sieve aka ManageSieve protocol.
+# This macro handles sieve aka ManageSieve protocol.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 4190
diff --git a/Shorewall/Macros/macro.SixXS b/Shorewall/Macros/macro.SixXS
index eb2bc0094..3b50982df 100644
--- a/Shorewall/Macros/macro.SixXS
+++ b/Shorewall/Macros/macro.SixXS
@@ -1,24 +1,21 @@
 #
-# Shorewall - SIXXS Macro
+# Shorewall -- /usr/share/shorewall/macro.SixXS
 #
-# /usr/share/shorewall/macro.SixXS
-#
-# This macro handles SixXS -- An IPv6 Deployment and Tunnel Broker
+# This macro handles SixXS - An IPv6 Deployment and Tunnel Broker
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-#
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 # Used for retrieving the tunnel information (eg by AICCU)
 PARAM - - tcp 3874
-#
+
 # Used for signaling where the current IPv4 endpoint
 # of the tunnel is and that it is alive
 PARAM - - udp 3740
-#
+
 # Used for tunneling IPv6 over IPv4 (static + heartbeat tunnels)
 PARAM - - 41
-#
+
 # Used for tunneling IPv6 over IPv4 (AYIYA
 # tunnels)(5072 is official port, 8374 is used in the beta)
 PARAM - - udp 5072,8374
diff --git a/Shorewall/Macros/macro.Squid b/Shorewall/Macros/macro.Squid
index 910440dc6..17b2e8778 100644
--- a/Shorewall/Macros/macro.Squid
+++ b/Shorewall/Macros/macro.Squid
@@ -1,11 +1,9 @@
 #
-# Shorewall - Squid Macro
+# Shorewall -- /usr/share/shorewall/macro.Squid
 #
-# /usr/share/shorewall/macro.Squid
-#
-# This macro handles Squid web proxy traffic
+# This macro handles Squid web proxy traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 3128
diff --git a/Shorewall/Macros/macro.Submission b/Shorewall/Macros/macro.Submission
index 8e80a3dc7..b7827687e 100644
--- a/Shorewall/Macros/macro.Submission
+++ b/Shorewall/Macros/macro.Submission
@@ -1,11 +1,9 @@
 #
-# Shorewall - Submission Macro
+# Shorewall -- /usr/share/shorewall/macro.Submission
 #
-# /usr/share/shorewall/macro.Submission
-#
-# This macro handles mail message submission traffic.
+# This macro handles mail message submission (MSA) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - tcp 587
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+MSA
diff --git a/Shorewall/Macros/macro.Syslog b/Shorewall/Macros/macro.Syslog
index f00e138f0..0aa9bcefe 100644
--- a/Shorewall/Macros/macro.Syslog
+++ b/Shorewall/Macros/macro.Syslog
@@ -1,12 +1,10 @@
 #
-# Shorewall - Syslog Macro
+# Shorewall -- /usr/share/shorewall/macro.Syslog
 #
-# /usr/share/shorewall/macro.Syslog
-#
-# This macro handles syslog traffic.
+# This macro handles syslog traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 514
 PARAM - - tcp 514
diff --git a/Shorewall/Macros/macro.TFTP b/Shorewall/Macros/macro.TFTP
index fc3fac37f..bdbf340d7 100644
--- a/Shorewall/Macros/macro.TFTP
+++ b/Shorewall/Macros/macro.TFTP
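Review bot: `PARAM - - tcp 587` is replaced by a nested `MSA` call, but macro.MSA is not part of this excerpt; if it is not shipped alongside this change, every ruleset that invokes `Submission` fails to compile. Confirm the file exists in the same tree and passes the invoking action through (`PARAM`), and keep a hint for readers, `# Delegates to macro.MSA (tcp 587).`, since the port no longer appears in this file.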
@@ -1,15 +1,11 @@
 #
-# Shorewall - TFTP Macro
+# Shorewall -- /usr/share/shorewall/macro.TFTP
 #
-# /usr/share/shorewall/macro.TFTP
-#
-# This macro handles Trivial File Transfer Protocol (TFTP)
-# Because TFTP lacks all security you should not enable it over
-# Internet.
+# This macro handles Trivial File Transfer Protocol (TFTP)
+# Because TFTP lacks all security you should not enable it over Internet.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __TFTP_HELPER )
 PARAM - - udp 69 { helper=tftp }
diff --git a/Shorewall/Macros/macro.Telnet b/Shorewall/Macros/macro.Telnet
index 055f4fc1c..8263cef17 100644
--- a/Shorewall/Macros/macro.Telnet
+++ b/Shorewall/Macros/macro.Telnet
@@ -1,12 +1,10 @@
 #
-# Shorewall - Telnet Macro
+# Shorewall -- /usr/share/shorewall/macro.Telnet
 #
-# /usr/share/shorewall/macro.Telnet
-#
-# This macro handles Telnet traffic. For traffic over the
-# internet, telnet is inappropriate; use SSH instead
+# This macro handles Telnet traffic.
+# For traffic over the internet, telnet is inappropriate; use SSH instead.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 23
diff --git a/Shorewall/Macros/macro.Telnets b/Shorewall/Macros/macro.Telnets
index 8fcdbc7ae..a66c26511 100644
--- a/Shorewall/Macros/macro.Telnets
+++ b/Shorewall/Macros/macro.Telnets
@@ -1,12 +1,10 @@
 #
-# Shorewall - Telnet Macro
+# Shorewall -- /usr/share/shorewall/macro.Telnets
 #
-# /usr/share/shorewall/macro.Telnets
-#
-# This macro handles Telnets (Telnet over SSL) traffic.
-# For traffic over the internet, SSH might be more practical.
+# This macro handles Telnet over SSL (TLS) traffic.
+# For traffic over the internet, SSH might be more practical.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDIST RATE USER
+
 PARAM - - tcp 992
diff --git a/Shorewall/Macros/macro.Teredo b/Shorewall/Macros/macro.Teredo
index 7b175f4ba..168c4bbe0 100644
--- a/Shorewall/Macros/macro.Teredo
+++ b/Shorewall/Macros/macro.Teredo
@@ -1,11 +1,9 @@
 #
-# Shorewall - Teredo Macro
+# Shorewall -- /usr/share/shorewall/macro.Teredo
 #
-# /usr/share/shorewall/macro.Teredo
-#
-# This macro handles Teredo IPv6 over UDP tunneling traffic
+# This macro handles Teredo IPv6 over UDP tunneling traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 3544
diff --git a/Shorewall/Macros/macro.Time b/Shorewall/Macros/macro.Time
index 4de5f757e..c52f7247f 100644
--- a/Shorewall/Macros/macro.Time
+++ b/Shorewall/Macros/macro.Time
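Review bot: The new Telnets column header `#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDIST RATE USER` misspells the ORIGDEST column as `ORIGDIST`; it is a comment, so nothing breaks, but it is the only header in this series with the typo and will be copied verbatim into user overrides of the file. Replace it with `#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER`.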
@@ -1,13 +1,11 @@
 #
-# Shorewall - Time Macro
+# Shorewall -- /usr/share/shorewall/macro.Time
 #
-# /usr/share/shorewall/macro.Time
-#
-# This macro handles rfc 868 Time protocol.
-# Unless you are supporting extremely old hardware or software,
-# you shouldn't be using this. NTP is a superior alternative.
+# This macro handles Time protocol (RFC868).
+# Unless you are supporting extremely old hardware or software,
+# you shouldn't be using this. NTP is a superior alternative.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 37
diff --git a/Shorewall/Macros/macro.Tinc b/Shorewall/Macros/macro.Tinc
index a1686271e..a343dd71e 100644
--- a/Shorewall/Macros/macro.Tinc
+++ b/Shorewall/Macros/macro.Tinc
@@ -1,12 +1,10 @@
 #
-# Shorewall - tinc Macro
+# Shorewall -- /usr/share/shorewall/macro.Tinc
 #
-# /usr/share/shorewall/macro.Tinc Macro
-#
-# This macro handles tinc traffic.
+# This macro handles tinc VPN traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
-# PORT(S) PORT(S) LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - udp 655
 PARAM - - tcp 655
diff --git a/Shorewall/Macros/macro.Trcrt b/Shorewall/Macros/macro.Trcrt
index 83cd5bd77..a37082366 100644
--- a/Shorewall/Macros/macro.Trcrt
+++ b/Shorewall/Macros/macro.Trcrt
@@ -1,12 +1,10 @@
 #
-# Shorewall -Trcrt Macro
+# Shorewall -- /usr/share/shorewall/macro.Trcrt
 #
-# /usr/share/shorewall/macro.Trcrt
-#
-# This macro handles Traceroute (for up to 30 hops).
+# This macro handles ICMP and UDP Traceroute (UDP for up to 30 hops).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - udp 33434:33524 # UDP Traceroute
-PARAM - - icmp 8 # ICMP Traceroute
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+PARAM - - udp 33434:33524 # UDP Traceroute
+PARAM - - icmp 8 # ICMP Traceroute
diff --git a/Shorewall/Macros/macro.VNC b/Shorewall/Macros/macro.VNC
index f8a549c07..9f80625cb 100644
--- a/Shorewall/Macros/macro.VNC
+++ b/Shorewall/Macros/macro.VNC
@@ -1,11 +1,9 @@
 #
-# Shorewall - VNC Macro
+# Shorewall -- /usr/share/shorewall/macro.VNC
 #
-# /usr/share/shorewall/macro.VNC
-#
-# This macro handles VNC traffic for VNC display's 0 - 9.
+# This macro handles VNC traffic for VNC display's 0 - 9.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5900:5909
diff --git a/Shorewall/Macros/macro.VNCL b/Shorewall/Macros/macro.VNCL
index e69f6fe09..62fee0b36 100644
--- a/Shorewall/Macros/macro.VNCL
+++ b/Shorewall/Macros/macro.VNCL
@@ -1,12 +1,9 @@
 #
-# Shorewall -VNCL Macro
+# Shorewall -- /usr/share/shorewall/macro.VNCL
 #
-# /usr/share/shorewall/macro.VNCL
-#
-# This macro handles VNC traffic from Vncservers to Vncviewers in listen
-# mode.
+# This macro handles VNC traffic from Vncservers to Vncviewers in listen mode.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 5500
diff --git a/Shorewall/Macros/macro.VRRP b/Shorewall/Macros/macro.VRRP
index c72b72fe5..09414cc1f 100644
--- a/Shorewall/Macros/macro.VRRP
+++ b/Shorewall/Macros/macro.VRRP
@@ -1,11 +1,9 @@
 #
-# Shorewall - VRRP Macro
+# Shorewall -- /usr/share/shorewall/macro.VRRP
 #
-# /usr/share/shorewall/macro.VRRP
-#
-# This macro handles VRRP traffic.
+# This macro handles Virtual Router Redundancy Protocol (VRRP) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
+
 PARAM SOURCE DEST:224.0.0.18 vrrp
diff --git a/Shorewall/Macros/macro.Web b/Shorewall/Macros/macro.Web
index 4240a1190..99dd82b7f 100644
--- a/Shorewall/Macros/macro.Web
+++ b/Shorewall/Macros/macro.Web
@@ -1,14 +1,11 @@
 #
-# Shorewall - Web Macro
+# Shorewall -- /usr/share/shorewall/macro.Web
 #
-# /usr/share/shorewall/macro.Web
-#
-# This macro handles WWW traffic (secure and insecure). This
-# macro is deprecated - use of macro.HTTP and macro.HTTPS instead
-# is recommended.
+# This macro handles WWW traffic (secure and insecure).
+# You should use macro.HTTP and macro.HTTPS instead.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - tcp 80 # HTTP (plaintext)
-PARAM - - tcp 443 # HTTPS (over SSL)
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+HTTP
+HTTPS
diff --git a/Shorewall/Macros/macro.Webcache b/Shorewall/Macros/macro.Webcache
index f6f19732e..40a767cfd 100644
--- a/Shorewall/Macros/macro.Webcache
+++ b/Shorewall/Macros/macro.Webcache
@@ -1,11 +1,9 @@
 #
-# Shorewall - Web Cache Macro
+# Shorewall -- /usr/share/shorewall/macro.WebCache
 #
-# /usr/share/shorewall/macro.WebCache
-#
-# This macro handles Web Caches and Dan't Guardian
+# This macro handles Web Caches and Dansguardian traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 8080
diff --git a/Shorewall/Macros/macro.Webmin b/Shorewall/Macros/macro.Webmin
index fd06a02a0..ec94d816d 100644
--- a/Shorewall/Macros/macro.Webmin
+++ b/Shorewall/Macros/macro.Webmin
@@ -1,11 +1,9 @@
 #
-# Shorewall - Webmin Macro
+# Shorewall -- /usr/share/shorewall/macro.Webmin
 #
-# /usr/share/shorewall/macro.Webmin
-#
-# This macro handles Webmin traffic.
+# This macro handles Webmin traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 10000
diff --git a/Shorewall/Macros/macro.Whois b/Shorewall/Macros/macro.Whois
index 9314aaad0..2e46a1bcd 100644
--- a/Shorewall/Macros/macro.Whois
+++ b/Shorewall/Macros/macro.Whois
@@ -1,11 +1,9 @@
 #
-# Shorewall - Whois Macro
+# Shorewall -- /usr/share/shorewall/macro.Whois
 #
-# /usr/share/shorewall/macro.Whois
-#
-# This macro handles whois (nicname) traffic.
+# This macro handles whois (nicname) traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 43
diff --git a/Shorewall/Macros/macro.Xymon b/Shorewall/Macros/macro.Xymon
index 222b59462..218d4105e 100644
--- a/Shorewall/Macros/macro.Xymon
+++ b/Shorewall/Macros/macro.Xymon
@@ -1,11 +1,9 @@
 #
-# Shorewall - Xymon Macro
+# Shorewall -- /usr/share/shorewall/macro.Xymon
 #
-# /usr/share/shorewall/macro.Xymon
-#
-# This macro handles Xymon traffic.
+# This macro handles Xymon traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 1984
diff --git a/Shorewall/Macros/macro.Zabbix b/Shorewall/Macros/macro.Zabbix
index 9fc88ab77..339a37e9d 100644
--- a/Shorewall/Macros/macro.Zabbix
+++ b/Shorewall/Macros/macro.Zabbix
@@ -1,13 +1,11 @@
 #
-# Shorewall - Zabbix Macro
+# Shorewall -- /usr/share/shorewall/macro.Zabbix
 #
-# /usr/share/shorewall/macro.Zabbix
-#
-# This macro handles Zabbix monitoring software server traffic to agent
-# and trap traffic from agent to zabbix server.
+# This macro handles Zabbix monitoring software traffic from server to agent
+# and trap traffic from agent to zabbix server.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
 PARAM - - tcp 10050 # zabbix_agent
 PARAM DEST SOURCE tcp 10051 # zabbix_trap
diff --git a/Shorewall/Macros/macro.mDNS b/Shorewall/Macros/macro.mDNS
index 75ba6a6ce..66cf90a61 100644
--- a/Shorewall/Macros/macro.mDNS
+++ b/Shorewall/Macros/macro.mDNS
@@ -1,15 +1,13 @@
 #
-# Shorewall - Multicast DNS Macro -- this macro assumes that only
-# the DEST zone sends mDNS queries. If both zones send
-# queries, use the mDNSbi macro.
+# Shorewall -- /usr/share/shorewall/macro.mDNS
 #
-# /usr/share/shorewall/macro.mDNS
-#
-# This macro handles multicast DNS traffic
+# This macro handles multicast DNS traffic from DEST zone.
+# It assumes that only the DEST zone sends mDNS queries.
+# If both zones send queries, use the mDNSbi macro.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE
-# PORT(S) PORT(S) DEST LIMIT
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
+
 PARAM - 224.0.0.251 udp 5353
 PARAM - - udp 1024: 5353
 PARAM - 224.0.0.251 2
diff --git a/Shorewall/Macros/macro.mDNSbi b/Shorewall/Macros/macro.mDNSbi
index a3e4add91..367db575e 100644
--- a/Shorewall/Macros/macro.mDNSbi
+++ b/Shorewall/Macros/macro.mDNSbi
@@ -1,13 +1,11 @@
 #
-# Shorewall - Bi-directional Multicast DNS Macro.
+# Shorewall -- /usr/share/shorewall/macro.mDNSbi
 #
-# /usr/share/shorewall/macro.mDNSbi
-#
-# This macro handles multicast DNS traffic
+# This macro handles bidirectional multicast DNS traffic
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE
-# PORT(S) PORT(S) DEST LIMIT
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
+
 PARAM - 224.0.0.251 udp 5353
 PARAM - - udp 1024: 5353
 PARAM - 224.0.0.251 2
diff --git a/Shorewall/Macros/macro.template b/Shorewall/Macros/macro.template
index 29c03c27a..bfee93a93 100644
--- a/Shorewall/Macros/macro.template
+++ b/Shorewall/Macros/macro.template
@@ -1,75 +1,69 @@
 #
-# Shorewall - Macro Template
-#
-# /usr/share/shorewall/macro.template
+# Shorewall --/usr/share/shorewall/macro.template
 #
 # Macro files are similar to action files with the following exceptions:
 #
-# - A macro file is not processed unless the marcro that it defines is
-# referenced in the /etc/shorewall/rules file or in an action
-# definition file.
+# - A macro file is not processed unless the marcro that it defines is
+# referenced in the /etc/shorewall/rules file or in an action
+# definition file.
 #
-# - Macros are translated directly into one or more rules whereas
-# actions become their own chain.
+# - Macros are translated directly into one or more rules whereas
+# actions become their own chain.
 #
-# - All entries in a macro undergo substitution when the macro is
-# invoked in the rules file.
+# - All entries in a macro undergo substitution when the macro is
+# invoked in the rules file.
 #
 # Columns are the same as in /etc/shorewall/rules.
 # A few examples should help show how Macros work.
 #
 # /etc/shorewall/macro.FwdFTP:
 #
-# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# # PORT(S) PORT(S) DEST LIMIT GROUP
+# #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
 # DNAT - - tcp 21
 #
 # /etc/shorewall/rules:
 #
-# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# # PORT(S) PORT(S) DEST LIMIT GROUP
+# #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
 # FwdFTP net loc:192.168.1.5
 #
 # The result is equivalent to:
 #
-# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# # PORT(S) PORT(S) DEST LIMIT GROUP
+# #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
 # DNAT net loc:192.168.1.5 tcp 21
 #
 # The substitution rules are as follows:
 #
-# ACTION column If in the invocation of the macro, the macro
-# name is followed by slash ("/") and a second
-# name, the second name is substituted for each
-# entry in the macro whose ACTION is PARAM
+# ACTION column If in the invocation of the macro, the macro
+# name is followed by slash ("/") and a second
+# name, the second name is substituted for each
+# entry in the macro whose ACTION is PARAM
 #
-# For example, if macro FOO is invoked as
-# FOO/ACCEPT then when expanding macro.FOO,
-# Shorewall will substitute ACCEPT in each
-# entry in macro.FOO whose ACTION column
-# contains PARAM. PARAM may be optionally
-# followed by a colon and a log level.
+# For example, if macro FOO is invoked as
+# FOO/ACCEPT then when expanding macro.FOO,
+# Shorewall will substitute ACCEPT in each
+# entry in macro.FOO whose ACTION column
+# contains PARAM. PARAM may be optionally
+# followed by a colon and a log level.
 #
-# You may also follow the
+# You may also follow the
 #
-# Any logging specified when the macro is
-# invoked is applied to each entry in the macros.
+# Any logging specified when the macro is
+# invoked is applied to each entry in the macros.
 #
-# SOURCE and DEST If the column in the macro is empty then the
-# columns value in the rules file is used. If the column
-# in the macro is non-empty then any value in
-# the rules file is appended with a ":"
-# separator.
+# SOURCE and DEST If the column in the macro is empty then the
+# columns value in the rules file is used. If the column
+# in the macro is non-empty then any value in
+# the rules file is appended with a ":"
+# separator.
 #
-# Example: ###############################################
-# #ACTION SOURCE DEST PROTO DEST
-# # PORT(S)
-# macro.FTP File PARAM net loc tcp 21
-# rules File FTP/DNAT - 192.168.1.5
-# Result DNAT net loc:192.168.1.5 tcp 21
+# Example: #######################################################
+# #ACTION SOURCE DEST PROTO DPORT
+# macro.FTP File PARAM net loc tcp 21
+# rules File FTP(DNAT) - 192.168.1.5
+# Result DNAT net loc:192.168.1.5 tcp 21
 #
-# Remaining Any value in the rules file REPLACES the value
-# columns given in the macro file.
+# Remaining Any value in the rules file REPLACES the value
+# columns given in the macro file.
 #
 # Multiple parameters may be passed to a macro. Within this file, $1 refers
 # to the first parameter, $2 to the second an so on. $1 is a synonym for
@@ -83,6 +77,5 @@
 #
 #######################################################################################################
 # DO NOT REMOVE THE FOLLOWING LINE
-#################################################################################################################################################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER
-# PORT PORT(S) DEST LIMIT GROUP
+##############################################################################################################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER
diff --git a/Shorewall6/Macros/macro.Ping b/Shorewall6/Macros/macro.Ping
index aef7ff0d3..32da212dc 100644
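Review bot: `+# Shorewall --/usr/share/shorewall/macro.template` is missing the space after `--` that every other header rewritten in this series carries (`# Shorewall -- /usr/share/...`); it should read `# Shorewall -- /usr/share/shorewall/macro.template`. The example near the end now shows the parenthesised invocation `rules File FTP(DNAT) - 192.168.1.5`, but the prose above it still only describes the slash form (`name is followed by slash ("/")`, `FOO/ACCEPT`), so the template documents one syntax and demonstrates another; a sentence stating that `FOO(ACCEPT)` is the form used throughout this commit and `FOO/ACCEPT` the older spelling would reconcile them. The re-indented lines also carry over the typo `marcro` and the unfinished sentence `# You may also follow the`, which should be completed or dropped while these lines are being touched.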
--- a/Shorewall6/Macros/macro.Ping
+++ b/Shorewall6/Macros/macro.Ping
@@ -1,11 +1,9 @@
 #
-# Shorewall6 - Ping Macro
+# Shorewall6 -- /usr/share/shorewall6/macro.Ping
 #
-# /usr/share/shorewall6/macro.Ping
-#
-# This macro handles 'ping' requests.
+# This macro handles 'ping' requests.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
+
 PARAM - - ipv6-icmp 128
diff --git a/Shorewall6/Macros/macro.Trcrt b/Shorewall6/Macros/macro.Trcrt
index 9141e4443..696d2c764 100644
--- a/Shorewall6/Macros/macro.Trcrt
+++ b/Shorewall6/Macros/macro.Trcrt
@@ -1,12 +1,10 @@
 #
-# Shorewall6 - Trcrt Macro
+# Shorewall6 -- /usr/share/shorewall6/macro.Trcrt
 #
-# /usr/share/shorewall6/macro.Trcrt
-#
-# This macro handles Traceroute (for up to 30 hops).
+# This macro handles ICMP and UDP Traceroute (UDP for up to 30 hops).
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
-# PORT(S) PORT(S) DEST LIMIT GROUP
-PARAM - - udp 33434:33524 # UDP Traceroute
-PARAM - - ipv6-icmp 128 # ICMP Traceroute
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
+
+PARAM - - udp 33434:33524 # UDP Traceroute
+PARAM - - ipv6-icmp 128 # ICMP Traceroute
diff --git a/Shorewall6/Macros/macro.mDNS b/Shorewall6/Macros/macro.mDNS
index 73bcf30f6..73e4541f7 100644
--- a/Shorewall6/Macros/macro.mDNS
+++ b/Shorewall6/Macros/macro.mDNS
@@ -1,15 +1,13 @@
 #
-# Shorewall6 - Multicast DNS Macro
+# Shorewall6 -- /usr/share/shorewall6/macro.mDNS
 #
-# /usr/share/shorewall6/macro.mDNS
-#
-# This macro handles multicast DNS traffic.
+# This macro handles multicast DNS traffic.
 #
 ###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE
-# PORT(S) PORT(S)
-PARAM - udp 5353
+#ACTION SOURCE DEST PROTO DPORT SPORT
+
+PARAM - [ff02::fb] udp 5353
 PARAM - - udp 32768: 5353
-PARAM - 2
-PARAM DEST SOURCE: udp 5353
-PARAM DEST SOURCE: 2
+PARAM - [ff02::fb] 2
+PARAM DEST SOURCE:[ff02::fb] udp 5353
+PARAM DEST SOURCE:[ff02::fb] 2
diff --git a/docs/ECN.xml b/docs/ECN.xml
index 9b3c2f656..b31f67d21 100644
--- a/docs/ECN.xml
+++ b/docs/ECN.xml
@@ -41,7 +41,7 @@
- 2006-01-17. The ECN Netfilter target in recent 2.6 Linux Kernels is
+ 2006-01-17. The ECN Netfilter target in some 2.6 Linux Kernels is
 broken. Symptoms are that you will be unable to establish a TCP connection to hosts defined in the /etc/shorewall/ecn file.
diff --git a/docs/IPP2P.xml b/docs/IPP2P.xml
index a271c241e..61723543a 100644
--- a/docs/IPP2P.xml
+++ b/docs/IPP2P.xml
@@ -194,14 +194,14 @@ tcp 6 269712 ESTABLISHED src=192.168.3.8 dst=206.124.146.177 sport=50584 dp
 These are implemented in the /etc/shorewall/tcrules and /etc/shorewall/mangle files as follows:
- #ACTION SOURCE DEST PROTO PORT(S) CLIENT USER TEST
-# PORT(S)
-RESTORE:P - - tcp
-CONTINUE:P - - tcp - - - !0
-1:P - - ipp2p ipp2p
-SAVE:P - - tcp - - - 1
-1:12 - eth0 - - - - 1
-2:12 - eth1 - - - - 1
+ #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST
+
+RESTORE:P - - tcp
+CONTINUE:P - - tcp - - - !0
+1:P - - ipp2p ipp2p
+SAVE:P - - tcp - - - 1
+1:12 - eth0 - - - - 1
+2:12 - eth1 - - - - 1
 These rules do exactly the same thing as their counterparts described above.
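Review bot: `+PARAM - [ff02::fb] 2` and `+PARAM DEST SOURCE:[ff02::fb] 2` keep protocol number 2 (IGMP) from the IPv4 macro, but IGMP is an IPv4-only protocol; IPv6 multicast group membership uses MLD, which travels in ipv6-icmp (types 130, 131 and 132 for the MLDv1 query, report and done messages, and 143 for the MLDv2 report). These two entries are presumably compiled to a `-p 2` match in the ip6tables rule and so never match anything, which leaves the macro doing less than its IPv4 counterpart implies without any hint in the header comment. Either drop the two lines or replace them with ipv6-icmp entries for the MLD types, and say in the `This macro handles ...` comment which traffic is covered. The unchanged context line `PARAM - - udp 32768: 5353` and the new `[ff02::fb]` destinations are consistent with the IPv4 macro and look right.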
@@ -209,14 +209,14 @@ SAVE:P - - tcp - - One change that I recommend --do your marking in the FORWARD chain rather than in the PREROUTING chain: - #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST -# PORT(S) -RESTORE:F - - tcp -CONTINUE:F - - tcp - - - !0 -1:F - - ipp2p ipp2p -SAVE:F - - tcp - - - 1 -1:12 - eth0 - - - - 1 -2:12 - eth1 - - - - 1 + #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST + +RESTORE:F - - tcp +CONTINUE:F - - tcp - - - !0 +1:F - - ipp2p ipp2p +SAVE:F - - tcp - - - 1 +1:12 - eth0 - - - - 1 +2:12 - eth1 - - - - 1 It will work the same and will work with a Multi-ISP setup. diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml index c20ffe480..e26363d22 100644 --- a/docs/IPv6Support.xml +++ b/docs/IPv6Support.xml @@ -187,10 +187,8 @@ If you are using a 6to4 tunnel for your IPv6 connectivity, you need an entry in - /etc/shorewall/tunnels.#TYPE ZONE GATEWAY GATEWAY -# ZONE -6to4 net -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE + /etc/shorewall/tunnels.#TYPE ZONE GATEWAY GATEWAY_ZONE +6to4 net @@ -409,9 +407,11 @@ Example (/etc/shorewall6/rules): - #ACTION SOURCE DEST PROTO DEST -# PORT(S) -ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22 + #ACTION SOURCE DEST PROTO DPORT + +?SECTION NEW + +ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22 When the colon is preceeded by an interface name, the angle brackets are required. This is true @@ -419,9 +419,11 @@ ACCEPT net $FW:[2002:ce7c:92b4::3] tcp 22 Example (/etc/shorewall6/rules): - #ACTION SOURCE DEST PROTO DEST -# PORT(S) -ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22 + #ACTION SOURCE DEST PROTO DPORT + +?SECTION NEW + +ACCEPT net:wlan0:[2002:ce7c:92b4::3] $FW tcp 22 Prior to Shorewall 4.5.4, angled brackets ("<" and ">") were used. While these are still accepted, their use is deprecated 
@@ -429,9 +431,11 @@ ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22 Example (/etc/shorewall6/rules): - #ACTION SOURCE DEST PROTO DEST -# PORT(S) -ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp 22 + #ACTION SOURCE DEST PROTO DPORT + +SECTION NEW + +ACCEPT net:wlan0:<2002:ce7c:92b4::3> $FW tcp 22 Prior to Shorewall 4.5.9, network addresses were required to be enclosed in either angle brackets or square brackets (e.g. diff --git a/docs/ISO-3661.xml b/docs/ISO-3661.xml index e7729bbf8..5aaad88da 100644 --- a/docs/ISO-3661.xml +++ b/docs/ISO-3661.xml @@ -49,9 +49,11 @@ /etc/shorewall/rules: - #ACTION SOURCE DEST PROTO DEST - # PORT(S) - DROP:info net:^[A1,A2] dmz tcp 25 + #ACTION SOURCE DEST PROTO DPORT + + ?SECTION NEW + + DROP:info net:^[A1,A2] dmz tcp 25 Using this feature requires the GeoIP Match diff --git a/docs/LXC.xml b/docs/LXC.xml index 7eaa3ec07..5fecf806c 100644 --- a/docs/LXC.xml +++ b/docs/LXC.xml @@ -100,7 +100,7 @@ lxc.network.ipv6=2001:470:b:227::43/124 accessible from the LOC zone, the following entries are required in /etc/shorewall6/proxyndp: - #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT + #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 2001:470:b:227::41 - eth1 Yes Yes 2001:470:b:227::42 - eth1 Yes Yes 2001:470:b:227::43 - eth1 Yes Yes diff --git a/docs/Macros.xml b/docs/Macros.xml index 852cc0aa7..ce88c055e 100644 --- a/docs/Macros.xml +++ b/docs/Macros.xml 
@@ -78,19 +78,20 @@ macro. # -# Shorewall 3.0 /usr/share/shorewall/macro.SMB +# Shorewall -- /usr/share/shorewall/macro.SMB # -# Handle Microsoft SMB traffic. You need to invoke this macro in -# both directions. +# This macro handles Microsoft SMB traffic. You need to invoke +# this macro in both directions. Beware! This rule opens a lot +# of ports, and could possibly be used to compromise your firewall +# if not used with care. You should only allow SMB traffic +# between hosts you fully trust. # ###################################################################################### -#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT PORT(S) LIMIT GROUP -PARAM - - udp 135,445 -PARAM - - udp 137:139 -PARAM - - udp 1024: 137 -PARAM - - tcp 135,139,445 -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +#TARGET SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER +PARAM - - udp 135,445 +PARAM - - udp 137:139 +PARAM - - udp 1024: 137 +PARAM - - tcp 135,139,445 If you wish to modify one of the standard macros, do not modify the definition in /etc/shorewall/rules: - #ACTION SOURCE DEST PROTO DEST PORT(S) -SMB(ACCEPT) loc fw + #ACTION SOURCE DEST PROTO DPORT + +SMB(ACCEPT) loc $FW The above is equivalent to coding the following series of rules: - #TARGET SOURCE DEST PROTO DEST PORT(s) -ACCEPT loc fw udp 135,445 -ACCEPT loc fw udp 137:139 -ACCEPT loc fw udp 1024: 137 -ACCEPT loc fw tcp 135,139,445 + #ACTION SOURCE DEST PROTO DPORT SPORT + +ACCEPT loc $FW udp 135,445 +ACCEPT loc $FW udp 137:139 +ACCEPT loc $FW udp 1024: 137 +ACCEPT loc $FW tcp 135,139,445 Logging is covered in a following @@ -154,24 +157,24 @@ ACCEPT loc fw tcp 135,139,445
/etc/shorewall/macro.SMTP - #TARGET SOURCE DEST PROTO DEST PORT(S) -PARAM - loc tcp 25 + #ACTION SOURCE DEST PROTO DPORT +PARAM - loc tcp 25 /etc/shorewall/rules (Shorewall 4.0): - #ACTION SOURCE DEST PROTO DEST PORT(S) -SMTP(DNAT):info net 192.168.1.5 + #ACTION SOURCE DEST PROTO DPORT +SMTP(DNAT):info net 192.168.1.5 /etc/shorewall/rules (Shorewall 4.2.0 and later): - #ACTION SOURCE DEST PROTO DEST PORT(S) -SMTP(DNAT):info net 192.168.1.5 + #ACTION SOURCE DEST PROTO DPORT +SMTP(DNAT):info net 192.168.1.5 This would be equivalent to coding the following directly in /etc/shorewall/rules - #ACTION SOURCE DEST PROTO DEST PORT(S) -DNAT:info net loc:192.168.1.5 tcp 25 + #ACTION SOURCE DEST PROTO DPORT +DNAT:info net loc:192.168.1.5 tcp 25
Example 2: @@ -179,19 +182,20 @@ DNAT:info net loc:192.168.1.5 tcp 25
/etc/shorewall/macro.SMTP - #TARGET SOURCE DEST PROTO DEST PORT(S) -PARAM - 192.168.1.5 tcp 25 + +#ACTION SOURCE DEST PROTO DPORT +PARAM - 192.168.1.5 tcp 25 /etc/shorewall/rules - #ACTION SOURCE DEST PROTO DEST PORT(S) -SMTP(DNAT):info net loc + #ACTION SOURCE DEST PROTO DPORT +SMTP(DNAT):info net loc This would be equivalent to coding the following directly in /etc/shorewall/rules - #ACTION SOURCE DEST PROTO DEST PORT(S) -DNAT:info net loc:192.168.1.5 tcp 25 + #ACTION SOURCE DEST PROTO DPORT +DNAT:info net loc:192.168.1.5 tcp 25
You may also specify SOURCE or DEST in the SOURCE and DEST @@ -205,8 +209,7 @@ DNAT:info net loc:192.168.1.5 tcp 25 is already a standard macro like this released as part of Shorewall): - #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# PORT PORT(S) DEST LIMIT GROUP + #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER PARAM - - udp 135,445 PARAM - - udp 137:139 PARAM - - udp 1024: 137 @@ -214,26 +217,28 @@ PARAM - - tcp 135,139,445 PARAM DEST SOURCE udp 135,445 PARAM DEST SOURCE udp 137:139 PARAM DEST SOURCE udp 1024: 137 -PARAM DEST SOURCE tcp 135,139,445 -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +PARAM DEST SOURCE tcp 135,139,445 /etc/shorewall/rules: - #ACTION SOURCE DEST PROTO DEST PORT(S) -SMBBI(ACCEPT) loc fw + #ACTION SOURCE DEST PROTO DPORT + +SMBBI(ACCEPT) loc $FW This would be equivalent to coding the following directly in /etc/shorewall/rules - #ACTION SOURCE DEST PROTO DEST PORT(S) -ACCEPT loc fw udp 135,445 -ACCEPT loc fw udp 137:139 -ACCEPT loc fw udp 1024: 137 -ACCEPT loc fw tcp 135,139,445 -ACCEPT fw loc udp 135,445 -ACCEPT fw loc udp 137:139 -ACCEPT fw loc udp 1024: 137 -ACCEPT fw loc tcp 135,139,445 + #ACTION SOURCE DEST PROTO DPORT SPORT + +ACCEPT loc $FW udp 135,445 +ACCEPT loc $FW udp 137:139 +ACCEPT loc $FW udp 1024: 137 +ACCEPT loc $FW tcp 135,139,445 + +ACCEPT $FW loc udp 135,445 +ACCEPT $FW loc udp 137:139 +ACCEPT $FW loc udp 1024: 137 +ACCEPT $FW loc tcp 135,139,445 @@ -696,7 +701,7 @@ ACCEPT fw loc tcp 135,139,445 Omitted column entries should be entered using a dash - ("-:). + ("-").
Example: @@ -706,8 +711,9 @@ ACCEPT fw loc tcp 135,139,445 To use your macro, in /etc/shorewall/rules you might do something like: - #ACTION SOURCE DEST PROTO DEST PORT(S) -LogAndAccept loc $FW tcp 22 + #ACTION SOURCE DEST PROTO DPORT + +LogAndAccept loc $FW tcp 22 @@ -731,20 +737,20 @@ LogAndAccept loc $FW tcp 22 /etc/shorewall/macro.foo - #ACTION SOURCE DEST PROTO DEST PORT(S) -ACCEPT - - tcp 22 + #ACTION SOURCE DEST PROTO DPORT +ACCEPT - - tcp 22 bar:info /etc/shorewall/rules: - #ACTION SOURCE DEST PROTO DEST PORT(S) -foo:debug $FW net + #ACTION SOURCE DEST PROTO DPORT +foo:debug $FW net Logging in the invoked 'foo' macro will be as if foo had been defined as: - #ACTION SOURCE DEST PROTO DEST PORT(S) -ACCEPT:debug - - tcp 22 + #ACTION SOURCE DEST PROTO DPORT +ACCEPT:debug - - tcp 22 bar:info @@ -756,20 +762,20 @@ bar:info /etc/shorewall/macro.foo - #ACTION SOURCE DEST PROTO DEST PORT(S) -ACCEPT - - tcp 22 + #ACTION SOURCE DEST PROTO DPORT +ACCEPT - - tcp 22 bar:info /etc/shorewall/rules: - #ACTION SOURCE DEST PROTO DEST PORT(S) -foo:debug! $FW net + #ACTION SOURCE DEST PROTO DPORT +foo:debug! $FW net Logging in the invoked 'foo' macro will be as if foo had been defined as: - #ACTION SOURCE DEST PROTO DEST PORT(S) -ACCEPT:debug - - tcp 22 + #ACTION SOURCE DEST PROTO DPORT +ACCEPT:debug - - tcp 22 bar:debug