Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Shorewall/Macros/macro.AMQP

@@ -1,12 +1,10 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall -- /usr/share/shorewall/macro.AMQP
-#
-# /usr/share/shorewall/macro.AMQP
 #
 # This macro handles AMQP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5672
 PARAM	-	-	udp	5672

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# This macro audits and accepts needed ICMP types.
-#
-#	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
-#					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# This macro audits and drops DNS UDP replies.
-#
-#	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.A_DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# This macro audits and drops UPnP probes on UDP port 1900.
-#
-#	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.ActiveDir

@@ -1,16 +1,13 @@
 #
-# Shorewall - Samba 4 Macro
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
-#
-# /usr/share/shorewall/macro.ActiveDir
-#
-#	This macro handles ports for Samba 4 Active Directory Service
-#
-# You can comment out the ports you do not want open
 #
+# This macro handles ports for Samba 4 Active Directory Service.
+# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
+# do not want open.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL

Shorewall/Macros/macro.AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
+# This macro ACCEPTs needed ICMP types.
-#
-#	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.Amanda

@@ -1,15 +1,12 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
-#
-# /usr/share/shorewall/macro.Amanda
 #
 # This macro handles connections required by the AMANDA backup system
 # to back up remote nodes.  It does not provide the ability to restore
 # files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
  PARAM	-	-	udp	10080 { helper=amanda }

Shorewall/Macros/macro.Auth

@@ -1,11 +1,9 @@
 #
-# Shorewall - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
-#
-# /usr/share/shorewall/macro.Auth
 #
 # This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	113

Shorewall/Macros/macro.BGP

@@ -1,11 +1,9 @@
 #
-# Shorewall - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
-#
-# /usr/share/shorewall/macro.BGP
 #
 # This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	179	# BGP4

Shorewall/Macros/macro.BLACKLIST

@@ -1,13 +1,11 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall -- /usr/share/shorewall/macro.blacklist
 #
-# /usr/share/shorewall/macro.blacklist
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
-#
-#	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else

Shorewall/Macros/macro.BitTorrent

@@ -1,7 +1,5 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
-#
-# /usr/share/shorewall/macro.BitTorrent
 #
 # This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
@@ -9,11 +7,10 @@
 # BitTorrent32 macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.BitTorrent32

@@ -1,16 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
-#
-# /usr/share/shorewall/macro.BitTorrent32
 #
 # This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.CVS

@@ -1,11 +1,9 @@
 #
-# Shorewall - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
-#
-# /usr/share/shorewall/macro.CVS
 #
 # This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	2401

Shorewall/Macros/macro.Citrix

@@ -1,14 +1,12 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
-#
-# /usr/share/shorewall/macro.Citrix
 #
 # This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 # ICA Session Reliability)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty

Shorewall/Macros/macro.DAAP

@@ -1,13 +1,11 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
-#
-# /usr/share/shorewall/macro.DAAP
 #
 # This macro handles DAAP (Digital Audio Access Protocol) traffic.
 # The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689

Shorewall/Macros/macro.DCC

@@ -1,12 +1,10 @@
 #
-# Shorewall - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
-#
-# /usr/share/shorewall/macro.DCC
 #
 # This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
 # DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	6277

Shorewall/Macros/macro.DHCPfwd

@@ -1,12 +1,10 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
-#
-# /usr/share/shorewall/macro.DHCPfwd
 #
 # This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP

Shorewall/Macros/macro.DNS

@@ -1,12 +1,10 @@
 #
-# Shorewall - DNS Macro
+# Shorewall --  /usr/share/shorewall/macro.DNS
-#
-# /usr/share/shorewall/macro.DNS
 #
 # This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53

Shorewall/Macros/macro.Distcc

@@ -1,11 +1,9 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
-#
-# /usr/share/shorewall/macro.Distcc
 #
 # This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3632

Shorewall/Macros/macro.Drop

@@ -1,7 +1,5 @@
 #
-# Shorewall - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
-#
-# /usr/share/shorewall/macro.Drop
 #
 # This macro generates the same rules as the Drop default action
 # It is used in place of action.Drop when USE_ACTIONS=No.
@@ -11,8 +9,7 @@
 #	Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
 # Don't log 'auth' DROP
 #

Shorewall/Macros/macro.DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
-#
-# /usr/share/shorewall/macro.DropDNSrep
 #
 # This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
-#
-# /usr/share/shorewall/macro.DropUPnP
 #
 # This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.Edonkey

@@ -1,11 +1,8 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
-#
-# /usr/share/shorewall/macro.Edonkey
 #
 # This macro handles Edonkey traffic.
 #
-#
 # http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
 # says to use udp 5737 rather than 4665.
 #
@@ -28,7 +25,7 @@
 # applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665

Shorewall/Macros/macro.FTP

@@ -1,13 +1,11 @@
 #
-# Shorewall - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
-#
-# /usr/share/shorewall/macro.FTP
 #
 # This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
  PARAM	-	-	tcp	21 { helper=ftp }
 ?else

Shorewall/Macros/macro.Finger

@@ -1,12 +1,10 @@
 #
-# Shorewall - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
+# This macro handles Finger protocol.
-#
+# You should not generally open your finger information to internet.
-#	This macro handles Finger protocol. You should not generally open
-#	your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	79

Shorewall/Macros/macro.GNUnet

@@ -1,13 +1,11 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
-#
-# /usr/share/shorewall/macro.GNUnet
 #
 # This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080

Shorewall/Macros/macro.GRE

@@ -1,13 +1,10 @@
 #
-# Shorewall - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
-#
-#	This macro (bi-directional) handles Generic Routing Encapsulation
-#	traffic (RFC 1701)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE

Shorewall/Macros/macro.Git

@@ -1,11 +1,9 @@
 #
-# Shorewall - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
-#
-# /usr/share/shorewall/macro.Git
 #
 # This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	9418

Shorewall/Macros/macro.Gnutella

@@ -1,12 +1,10 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall -- /usr/share/shorewall/macro.Gnutella
-#
-# /usr/share/shorewall/macro.Gnutella
 #
 # This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346

Shorewall/Macros/macro.Goto-Meeting

@@ -1,12 +1,11 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
 #
-# /usr/share/shorewall/macro.Goto-Meeting
+# This macro handles Citrix/Goto Meeting.
-#          by Eric Teeter
+#
-#       This macro handles Citrix/Goto Meeting
+###############################################################################
-#       Assumes that ports 80 and 443 are already open
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#       If needed, use the macros that open Http and Https to reduce redundancy
+
-####################################################################################
+PARAM      -    -       tcp     8200    # Goto Meeting only needed outbound
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+HTTP
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+HTTPS
-PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)

Shorewall/Macros/macro.HKP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HKP Macro
+# Shorewall -- /usr/share/shorewall/macro.HKP
-#
-# /usr/share/shorewall/macro.HKP
 #
 # This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	11371

Shorewall/Macros/macro.HTTP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTP
-#
-# /usr/share/shorewall/macro.HTTP
 #
 # This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	80

Shorewall/Macros/macro.HTTPS

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTPS
 #
-# /usr/share/shorewall/macro.HTTPS
+# This macro handles HTTPS (WWW over TLS) traffic.
-#
-#	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	443

Shorewall/Macros/macro.ICPV2

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall - /usr/share/shorewall/macro.ICPV2
 #
-# /usr/share/shorewall/macro.ICPV2
+# This macro handles Internet Cache Protocol V2 (Squid) traffic.
-#
-#	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	3130

Shorewall/Macros/macro.ICQ

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall -- /usr/share/shorewall/macro.ICQ
-#
-# /usr/share/shorewall/macro.ICQ
 #
 # This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5190

Shorewall/Macros/macro.ILO

@@ -1,15 +1,13 @@
 #
-# Shorewall - ILO Macro
+# Shorewall -- /usr/share/shorewall/macro.ILO
-#
-# /usr/share/shorewall/macro.ILO
 #
 # This macro handles console redirection with HP ILO 2+,
 # Use this macro to open access to your ILO interface from management
 # workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media

Shorewall/Macros/macro.IMAP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAP
 #
-# /usr/share/shorewall/macro.IMAP
+# This macro handles plaintext and STARTTLS IMAP traffic.
-#
+# For SSL (TLS) IMAP, see macro.IMAPS.
-#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
-#	see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	143

Shorewall/Macros/macro.IMAPS

@@ -1,12 +1,11 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAPS
 #
-# /usr/share/shorewall/macro.IMAPS
+# This macro handles SSL (TLS) IMAP traffic.
-#
+# For plaintext (not recommended) and STARTLS (recommended) IMAP see
-#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
+# macro.IMAP.
-#	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	993

Shorewall/Macros/macro.IPIP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPIP
-#
-# /usr/share/shorewall/macro.IPIP
 #
 # This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP

Shorewall/Macros/macro.IPMI

@@ -1,16 +1,15 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall -- /usr/share/shorewall/macro.IPMI
 #
-# /usr/share/shorewall/macro.IPMI
+# This macro handles IPMI console redirection with RMCP protocol.
-#
+# Tested to work with with Asus (AMI),
-#	This macro handles IPMI console redirection with Asus (AMI),
 # Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
 # Use this macro to open access to your IPMI interface from management
 # workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
 PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)

Shorewall/Macros/macro.IPP

@@ -1,11 +1,9 @@
 #
-# Shorewall - IPP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPP
-#
-# /usr/share/shorewall/macro.IPP
 #
 # This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	631

Shorewall/Macros/macro.IPPbrd

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPbrd
-#
-# /usr/share/shorewall/macro.IPPbrd
 #
 # This macro handles Internet Printing Protocol (IPP) broadcasts.
 # If you also need to handle TCP 631 connections in the opposite
 # direction, use the IPPserver Macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	631

Shorewall/Macros/macro.IPPserver

@@ -1,29 +1,28 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPserver
-#
-# /usr/share/shorewall/macro.IPPserver
 #
 # This macro handles Internet Printing Protocol (IPP), indicating
 # that DEST is a printing server for SOURCE.  The macro allows
 # print queue broadcasts from the server to the client, and
 # printing connections from the client to the server.
 #
-#	Example usage on a single-interface firewall which is a print
+# Example usage on a single-interface firewall which is a print client:
-#	client:
-#		IPPserver/ACCEPT $FW net
 #
-#	Example for a two-interface firewall which acts as a print
+#	IPPserver(ACCEPT)	$FW	net
-#	server for loc:
-#		IPPserver/ACCEPT loc $FW
 #
-#	NOTE: If you want both to serve requests for local printers and
+# Example for a two-interface firewall which acts as a print server for loc:
-#	listen to requests for remote printers (i.e. your CUPS server is
+#
-#	also a client), you need to apply the rule twice, e.g.
+#	IPPserver(ACCEPT)	loc	$FW
-#		IPPserver/ACCEPT loc $FW
+#
-#		IPPserver/ACCEPT $FW loc
+# NOTE: If you want both to serve requests for local printers and listen to
+# requests for remote printers (i.e. your CUPS server is also a client),
+# you need to apply the rule twice, e.g.
+#
+#	IPPserver(ACCEPT)	loc	$FW
+#	IPPserver(ACCEPT)	$FW	loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631

Shorewall/Macros/macro.IPsec

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsec
-#
-# /usr/share/shorewall/macro.IPsec
 #
 # This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecah

@@ -1,14 +1,12 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecah
-#
-# /usr/share/shorewall/macro.IPsecah
 #
 # This macro (bidirectional) handles IPsec authentication (AH) traffic.
 # This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecnat

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecnat
-#
-# /usr/share/shorewall/macro.IPsecnat
 #
 # This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP

Shorewall/Macros/macro.IRC

@@ -1,13 +1,10 @@
 #
-# Shorewall IRC Macro
+# Shorewall -- /usr/share/shorewall/macro.IRC
-#
-# /usr/share/shorewall/macro.IRC
 #
 # This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
  PARAM	-	-	tcp	6667 { helper=irc }

Shorewall/Macros/macro.JAP

@@ -1,17 +1,14 @@
 #
-# Shorewall - JAP Macro
+# Shorewall -- /usr/share/shorewall/macro.JAP
 #
-# /usr/share/shorewall/macro.JAP
+# This macro handles JAP Anon Proxy Mix server traffic.
-#
+# It is NOT for people trying to browse anonymously!
-#	This macro handles JAP Anon Proxy traffic.  This macro is for
-#	administrators running a Mix server.  It is NOT for people trying
-#	to browse anonymously!
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
-HTTPS(PARAM)
+HTTPS
-SSH(PARAM)
+SSH

Shorewall/Macros/macro.Jabber

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall -- /usr/share/shorewall/macro.Jabber
 #
-# /usr/share/shorewall/macro.Jabber
+# This macro handles Jabber traffic.
-#
-#	This macro accepts Jabber traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5222

Shorewall/Macros/macro.JabberPlain

@@ -1,12 +1,9 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberPlain
 #
-# /usr/share/shorewall/macro.JabberPlain
+# This macro is deprecated - use of macro.Jabber instead is recommended.
-#
-#	This macro accepts Jabber traffic (plaintext). This macro is
-#	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 Jabber

Shorewall/Macros/macro.JabberSecure

@@ -1,13 +1,9 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberSecure
 #
-# /usr/share/shorewall/macro.JabberSecure
+# This macro handles deprecated Jabber (SSL) traffic. Use STARTTLS instead.
-#
-#	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
-#	is deprecated, please configure Jabber with STARTTLS and use
-#	Jabber macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5223

Shorewall/Macros/macro.Jabberd

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall -- /usr/share/shorewall/macro.Jabberd
 #
-# /usr/share/shorewall/macro.Jabberd
+# This macro handles Jabberd intercommunication traffic
-#
-#	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5269

Shorewall/Macros/macro.Jetdirect

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall -- /usr/share/shorewall/macro.Jetdirect
-#
-# /usr/share/shorewall/macro.Jetdirect
 #
 # This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	9100

Shorewall/Macros/macro.Kerberos

@@ -1,12 +1,10 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall -- /usr/share/shorewall/macro.Kerberos
-#
-# /usr/share/shorewall/macro.Kerberos
 #
 # This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88

Shorewall/Macros/macro.L2TP

@@ -1,13 +1,11 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall -- /usr/share/shorewall/macro.L2TP
 #
-# /usr/share/shorewall/macro.L2TP
+# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic.
-#
-#	This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
 # (RFC 2661)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP

Shorewall/Macros/macro.LDAP

@@ -1,7 +1,5 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAP
-#
-# /usr/share/shorewall/macro.LDAP
 #
 # This macro handles plaintext LDAP traffic. For encrypted LDAP
 # traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
@@ -11,6 +9,6 @@
 # Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	389

Shorewall/Macros/macro.LDAPS

@@ -1,7 +1,5 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAPS
-#
-# /usr/share/shorewall/macro.LDAPS
 #
 # This macro handles encrypted LDAP traffic.  For plaintext LDAP
 # traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
@@ -11,6 +9,6 @@
 # Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	636

Shorewall/Macros/macro.MSA

@@ -0,0 +1,9 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.MSA
+#
+# This macro handles mail message submission agent (MSA) traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	587

Shorewall/Macros/macro.MSNP

@@ -1,11 +1,9 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall - /usr/share/shorewall/macro.MSNP
-#
-# /usr/share/shorewall/macro.MSNP
 #
 # This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1863

Shorewall/Macros/macro.MSSQL

@@ -1,12 +1,10 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MSSQL
-#
-# /usr/share/shorewall/macro.MSSQL
 #
 # This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1433
 PARAM	-	-	udp	1434

Shorewall/Macros/macro.Mail

@@ -1,10 +1,8 @@
 #
-# Shorewall - Mail Macro
+# Shorewall -- /usr/share/shorewall/macro.Mail
-#
-# /usr/share/shorewall/macro.Mail
 #
 # This macro handles SMTP (email secure and insecure) traffic.
-#	It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
+# It's the aggregate of macro.SMTP, macro.SMTPS, macro.MSA.
 #
 # Note: This macro handles traffic between an MUA (Email client)
 # and an MTA (mail server) or between MTAs. It does not enable
@@ -12,8 +10,8 @@
 # the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	tcp	25
+SMTP
-PARAM	-	-	tcp	465
+SMTPS
-PARAM	-	-	tcp	587
+MSA

Shorewall/Macros/macro.MongoDB

@@ -1,11 +1,9 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall -- /usr/share/shorewall/macro.MongoDB
-#
-# /usr/share/shorewall/macro.MongoDB
 #
 # This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	27017

Shorewall/Macros/macro.Munin

@@ -1,11 +1,9 @@
 #
-# Shorewall - Munin Macro
+# Shorewall -- /usr/share/shorewall/macro.Munin
 #
-# /usr/share/shorewall/macro.Munin
+# This macro handles Munin networked resource monitoring traffic.
-#
-#	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	4949

Shorewall/Macros/macro.MySQL

@@ -1,11 +1,9 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MySQL
-#
-# /usr/share/shorewall/macro.MySQL
 #
 # This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3306

Shorewall/Macros/macro.NNTP

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTP
 #
-# /usr/share/shorewall/macro.NNTP
+# This macro handles plaintext NNTP traffic (Usenet).
-#
+# For encrypted NNTP, see macro.NNTPS.
-#	This macro handles plaintext NNTP traffic (Usenet).  For
-#	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	119

Shorewall/Macros/macro.NNTPS

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTPS
 #
-# /usr/share/shorewall/macro.NNTPS
+# This macro handles encrypted NNTP traffic (Usenet).
-#
+# For plaintext NNTP, see macro.NNTP.
-#	This macro handles encrypted NNTP traffic (Usenet).  For
-#	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	563

Shorewall/Macros/macro.NTP

@@ -1,12 +1,10 @@
 #
-# Shorewall - NTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NTP
 #
-# /usr/share/shorewall/macro.NTP
+# This macro handles NTP traffic.
-#
-#	This macro handles NTP traffic (ntpd).
 # For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	123

Shorewall/Macros/macro.NTPbi

@@ -1,12 +1,10 @@
 #
-# Shorewall - NTPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbi
 #
-# /usr/share/shorewall/macro.NTPbi
+# This macro handles  bi-directional NTP (for NTP peers).
-#
-#        This macro handles  bi-directional NTP (for NTP peers)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	udp	123
+NTP
-PARAM	DEST	SOURCE	udp	123
+NTP	DEST	SOURCE

Shorewall/Macros/macro.NTPbrd

@@ -1,17 +1,14 @@
 #
-# Shorewall - NTPbrd Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbrd
 #
-# /usr/share/shorewall/macro.NTPbrd
+# This macro handles NTP traffic including replies to Broadcast NTP traffic.
-#
-#	This macro handles NTP traffic (ntpd) including replies to Broadcast
-#	NTP traffic.
 #
 # It is recommended only to use this where the source host is trusted -
 # otherwise it opens up a large hole in your firewall because
 # Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	123
 PARAM	-	-	udp	1024:	123

Shorewall/Macros/macro.OSPF

@@ -1,11 +1,9 @@
 #
-# Shorewall - OSPF Macro
+# Shorewall -- /usr/share/shorewall/macro.OSPF
 #
-# /usr/share/shorewall/macro.OSPF
+# This macro handles OSPF multicast traffic.
-#
-#	This macro handles OSPF multicast traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	89	# OSPF

Shorewall/Macros/macro.OpenVPN

@@ -1,11 +1,9 @@
 #
-# Shorewall - OpenVPN Macro
+# Shorewall -- /usr/share/shorewall/macro.OpenVPN
-#
-# /usr/share/shorewall/macro.OpenVPN Macro
 #
 # This macro handles OpenVPN traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	1194

Shorewall/Macros/macro.PCA

@@ -1,12 +1,10 @@
 #
-# Shorewall - PCA Macro
+# Shorewall -- /usr/share/shorewall/macro.PCA
 #
-# /usr/share/shorewall/macro.PCA
+# This macro handles PCAnywere (tm) traffic.
-#
-#	This macro handles PCAnywere (tm)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631

Shorewall/Macros/macro.POP3

@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3 Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3
 #
-# /usr/share/shorewall/macro.POP3
+# This macro handles plaintext POP3 traffic.
-#
+# For encrypted POP3, see macro.POP3S.
-#	This macro handles plaintext POP3 traffic.  For encrypted POP3,
-#	see macro.POP3S.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	110

Shorewall/Macros/macro.POP3S

@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3S Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3S
 #
-# /usr/share/shorewall/macro.POP3S
+# This macro handles encrypted POP3 traffic.
-#
+# For plaintext POP3, see macro.POP3.
-#	This macro handles encrypted POP3 traffic.  For plaintext POP3,
-#	see macro.POP3.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	995	# Secure POP3

Shorewall/Macros/macro.PPtP

@@ -1,15 +1,12 @@
 #
-# Shorewall - PPTP Macro
+# Shorewall -- /usr/share/shorewall/macro.PPtP Macro
 #
-# /usr/share/shorewall/macro.PPtP Macro
+# This macro handles PPTP traffic. NOTE: PPTP protocol is insecure.
-#
-#	This macro handles PPTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	47
+GRE
-PARAM	DEST	SOURCE	47
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
  PARAM	-	-	tcp	1723 { helper=pptp }

Shorewall/Macros/macro.Ping

@@ -1,11 +1,9 @@
 #
-# Shorewall - Ping Macro
+# Shorewall -- /usr/share/shorewall/macro.Ping
 #
-# /usr/share/shorewall/macro.Ping
+# This macro handles ICMP 'ping' requests.
-#
-#	This macro handles 'ping' requests.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	icmp	8

Shorewall/Macros/macro.PostgreSQL

@@ -1,11 +1,9 @@
 #
-# Shorewall - PostgreSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.PostgreSQL
-#
-# /usr/share/shorewall/macro.PostgreSQL
 #
 # This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5432

Shorewall/Macros/macro.Printer

@@ -1,11 +1,9 @@
 #
-# Shorewall - Printer Macro
+# Shorewall -- /usr/share/shorewall/macro.Printer
-#
-# /usr/share/shorewall/macro.Printer
 #
 # This macro handles Line Printer protocol printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	515

Shorewall/Macros/macro.Puppet

@@ -1,12 +1,9 @@
 #
-# Shorewall - Puppet Macro
+# Shorewall -- /usr/share/shorewall/macro.Puppet
 #
-# /usr/share/shorewall/macro.Puppet
+# This macro handles client-to-server for the Puppet configuration management.
-#
-#	This macro handles client-to-server for the Puppet configuration
-#	management system.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	8140

Shorewall/Macros/macro.QUIC

@@ -1,11 +1,9 @@
 #
-# Shorewall - QUIC Macro
+# Shorewall -- /usr/share/shorewall/macro.QUIC
-#
-# /usr/share/shorewall/macro.QUIC
 #
 # This macro handles QUIC (Quick UDP Internet Connections).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	80,443

Shorewall/Macros/macro.RDP

@@ -1,11 +1,9 @@
 #
-# Shorewall - RDP Macro
+# Shorewall -- /usr/share/shorewall/macro.RDP
-#
-# /usr/share/shorewall/macro.RDP
 #
 # This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3389

Shorewall/Macros/macro.RIPbi

@@ -1,12 +1,10 @@
 #
-# Shorewall - RIPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.RIPbi
 #
-# /usr/share/shorewall/macro.RIPbi
+# This macro (bidirectional) handles Routing Information Protocol (RIP).
-#
-#        This macro handles RIP (Routing Information Protocol) - bidirectional
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	520
 PARAM	DEST	SOURCE	udp	520

Shorewall/Macros/macro.RNDC

@@ -1,11 +1,9 @@
 #
-# Shorewall - RNDC Macro
+# Shorewall -- /usr/share/shorewall/macro.RNDC
 #
-# /usr/share/shorewall/macro.RNDC
+# This macro handles BIND remote management protocol (RNDC) traffic.
-#
-#	This macro handles RNDC (BIND remote management protocol) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	953

Shorewall/Macros/macro.Razor

@@ -1,11 +1,9 @@
 #
-# Shorewall - Razor Macro
+# Shorewall -- /usr/share/shorewall/macro.Razor
-#
-# /usr/share/shorewall/macro.Razor
 #
 # This macro handles traffic for the Razor Antispam System
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ACCEPT	-	-	tcp	2703

Shorewall/Macros/macro.Rdate

@@ -1,7 +1,5 @@
 #
-# Shorewall - Rdate Macro
+# Shorewall -- /usr/share/shorewall/macro.Rdate
-#
-# /usr/share/shorewall/macro.Rdate
 #
 # This macro handles remote time retrieval (rdate).
 # Unless you are supporting extremely old hardware or software,
@@ -10,6 +8,6 @@
 # use Time macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	37

Shorewall/Macros/macro.Redis

@@ -1,11 +1,9 @@
 #
-# Shorewall - Redis Macro
+# Shorewall -- /usr/share/shorewall/macro.Redis
-#
-# /usr/share/shorewall/macro.Redis
 #
 # This macro handles Redis traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6379

Shorewall/Macros/macro.Reject

@@ -1,7 +1,5 @@
 #
-# Shorewall - Reject Macro
+# Shorewall -- /usr/share/shorewall/macro.Reject
-#
-# /usr/share/shorewall/macro.Reject
 #
 # This macro generates the same rules as the Reject default action
 # It is used in place of action.Reject when USE_ACTIONS=No.
@@ -10,10 +8,8 @@
 #
 #	Reject	loc	fw
 #
-#
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
 # Don't log 'auth' REJECT
 #

Shorewall/Macros/macro.Rfc1918

@@ -1,14 +1,10 @@
 #
-# Shorewall - Macro Template
+# Shorewall -- /usr/share/shorewall/macro.Rfc1918
 #
-# /usr/share/shorewall/macro.Rfc1918
+# This macro handles SOURCE or ORIGDEST address reserved by RFC 1918.
 #
-#	This macro handles pkts with a SOURCE or ORIGINAL DEST address
+###############################################################################
-#	reserved by RFC 1918
+#ACTION	SOURCE	DEST
-#
+
-#############################################################################################
+PARAM	SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16	DEST
-#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	SOURCE	DEST { origdest=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 }
-#						PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
-				DEST
-PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

Shorewall/Macros/macro.Rsync

@@ -1,11 +1,9 @@
 #
-# Shorewall - Rsync Macro
+# Shorewall -- /usr/share/shorewall/macro.Rsync
-#
-# /usr/share/shorewall/macro.Rsync
 #
 # This macro handles connections to the rsync server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	873

Shorewall/Macros/macro.SANE

@@ -1,13 +1,10 @@
 #
-# Shorewall - SANE Macro
+# Shorewall -- /usr/share/shorewall/macro.SANE
-#
-# /usr/share/shorewall/macro.SANE
 #
 # This macro handles SANE network scanning.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
  PARAM	-	-	tcp	6566 { helper=sane }
@@ -17,7 +14,8 @@
 
 #
 # Kernels 2.6.23+ has nf_conntrack_sane module which will handle
-# sane data connection.
+# sane data connection. If you need these, copy this file to /etc/shorewall
+# and remove comments from one of the entries below.
 #
 # If you don't have sane conntracking support you need to open whole dynamic
 # port range.

Shorewall/Macros/macro.SIP

@@ -1,13 +1,10 @@
 #
-# Shorewall - SIP Macro
+# Shorewall -- /usr/share/shorewall/macro.SIP
-#
-# /usr/share/shorewall/macro.SIP
 #
 # This macro handles SIP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER  )
  PARAM	-	-	udp	5060 { helper=sip }

Shorewall/Macros/macro.SMB

@@ -1,17 +1,15 @@
 #
-# Shorewall - SMB Macro
+# Shorewall -- /usr/share/shorewall/macro.SMB
 #
-# /usr/share/shorewall/macro.SMB
+# This macro handles Microsoft SMB traffic.
-#
+# You need to invoke this macro in both directions.
-#	This macro handles Microsoft SMB traffic. You need to invoke
+# Beware!  This rule opens a lot of ports, and could possibly be used to
-#	this macro in both directions.  Beware!  This rule opens a lot
+# compromise your firewall if not used with care. You should only allow SMB
-#	of ports, and could possibly be used to compromise your firewall
+# traffic between hosts you fully trust.
-#	if not used with care.  You should only allow SMB traffic
-#	between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	135,445
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )

Shorewall/Macros/macro.SMBBI

@@ -1,7 +1,5 @@
 #
-# Shorewall - SMB Bi-directional Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBBI
-#
-# /usr/share/shorewall/macro.SMBBI
 #
 # This macro (bidirectional) handles Microsoft SMB traffic.
 #
@@ -10,27 +8,7 @@
 # allow SMB traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	udp	135,445
 
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
+SMB
- PARAM	-	-	udp	137 { helper=netbios-ns }
+SMB	DEST	SOURCE
- PARAM	-	-	udp	138:139
-?else
- PARAM	-	-	udp	137:139
-?endif
-
-PARAM	-	-	udp	1024:	137
-PARAM	-	-	tcp	135,139,445
-PARAM	DEST	SOURCE	udp	135,445
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
- PARAM	DEST	SOURCE	udp	137 { helper=netbios-ns }
- PARAM	DEST	SOURCE	udp	138:139
-?else
- PARAM	DEST	SOURCE	udp	137:139
-?endif
-
-PARAM	DEST	SOURCE	udp	1024:	137
-PARAM	DEST	SOURCE	tcp	135,139,445

Shorewall/Macros/macro.SMBswat

@@ -1,12 +1,9 @@
 #
-# Shorewall - SMBswat Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBswat
 #
-# /usr/share/shorewall/macro.SMBswat
+# This macro handles connections to the Samba Web Administration Tool (SWAT).
-#
-#	This macro handles connections to the Samba Web Administration Tool
-#	(SWAT).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	901

Shorewall/Macros/macro.SMTP

@@ -1,19 +1,12 @@
 #
-# Shorewall - SMTP Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTP
 #
-# /usr/share/shorewall/macro.SMTP
+# This macro handles SMTP (email) traffic.
-#
+# For deprecated SMTP encrypted over SSL (TLS), use macro.SMTPS.
-#	This macro handles plaintext SMTP (email) traffic.  For SMTP
+# Note that STARTTLS can be used over the standard STMP port, so the use of
-#	encrypted over SSL, use macro.SMTPS.  Note that STARTTLS can be
+# this macro doesn't necessarily imply the use of an insecure connection.
-#	used over the standard STMP port, so the use of this macro
-#	doesn't necessarily imply the use of an insecure connection.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	25

Shorewall/Macros/macro.SMTPS

@@ -1,16 +1,10 @@
 #
-# Shorewall - SMTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTPS
 #
-# /usr/share/shorewall/macro.SMTPS
+# This macro handles legacy SMTP over SSL (TLS) traffic.
-#
+# You should configure SMTP STARTTLS instead.
-#	This macro handles encrypted SMTPS (email) traffic.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3(S) or IMAP(S) macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	465

Shorewall/Macros/macro.SNMP

@@ -1,15 +1,11 @@
 #
-# Shorewall - SNMP Macro
+# Shorewall -- /usr/share/shorewall/macro.SNMP
-#
-# /usr/share/shorewall/macro.SNMP
 #
 # This macro handles SNMP traffic.
-#
+# Note: To allow SNMP Traps, use the SNMPTrap macro.
-#       Note: To allow SNMP Traps, use the SNMPTrap macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER )
  PARAM	-	-  	udp     161 { helper=snmp }

Shorewall/Macros/macro.SNMPTrap

@@ -1,11 +1,9 @@
 #
-# Shorewall - SNMP Trap Macro
+# Shorewall - /usr/share/shorewall/macro.SNMPtrap
-#
-# /usr/share/shorewall/macro.SNMPtrap
 #
 # This macro handles SNMP traps.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	162

Shorewall/Macros/macro.SPAMD

@@ -1,11 +1,9 @@
 #
-# Shorewall - SPAMD Macro
+# Shorewall -- /usr/share/shorewall/macro.SPAMD
 #
-# /usr/share/shorewall/macro.SPAMD
+# This macro handles SpamAssassin SPAMD traffic.
-#
-#	This macro handles Spam Assassin SPAMD traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	783

Shorewall/Macros/macro.SSH

@@ -1,11 +1,9 @@
 #
-# Shorewall - SSH Macro
+# Shorewall -- /usr/share/shorewall/macro.SSH
-#
-# /usr/share/shorewall/macro.SSH
 #
 # This macro handles secure shell (SSH) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	22