Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

2016-02-15 11:34:30 -08:00 · 2016-02-15 11:34:30 -08:00 · 4c5eb2fc1c
commit 4c5eb2fc1c
parent ddd4eb16b5 32cd6eaa8a
134 changed files with 784 additions and 1082 deletions
--- a/Shorewall/Macros/macro.AMQP
+++ b/Shorewall/Macros/macro.AMQP
@ -1,12 +1,10 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall -- /usr/share/shorewall/macro.AMQP
 #
-# /usr/share/shorewall/macro.AMQP
+# This macro handles AMQP traffic.
 #
 #	This macro handles AMQP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5672
 PARAM	-	-	udp	5672
--- a/Shorewall/Macros/macro.A_AllowICMPs
+++ b/Shorewall/Macros/macro.A_AllowICMPs
@ -1,13 +1,10 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
+# This macro audits and accepts needed ICMP types.
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Needed ICMP types
--- a/Shorewall/Macros/macro.A_DropDNSrep
+++ b/Shorewall/Macros/macro.A_DropDNSrep
@ -1,13 +1,10 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
+# This macro audits and drops DNS UDP replies.
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Late DNS Replies
--- a/Shorewall/Macros/macro.A_DropUPnP
+++ b/Shorewall/Macros/macro.A_DropUPnP
@ -1,13 +1,10 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
 #
-# /usr/share/shorewall/macro.A_DropUPnP
+# This macro audits and drops UPnP probes on UDP port 1900.
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT UPnP
--- a/Shorewall/Macros/macro.ActiveDir
+++ b/Shorewall/Macros/macro.ActiveDir
@ -1,16 +1,13 @@
 #
-# Shorewall - Samba 4 Macro
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
 #	This macro handles ports for Samba 4 Active Directory Service
 #
 # You can comment out the ports you do not want open
 #
 # This macro handles ports for Samba 4 Active Directory Service.
 # You can copy this file to /etc/shorewall[6]/ and comment out the ports you
 # do not want open.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@ -1,13 +1,10 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
+# This macro ACCEPTs needed ICMP types.
 #
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Needed ICMP types
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@ -1,15 +1,12 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
 #
-# /usr/share/shorewall/macro.Amanda
+# This macro handles connections required by the AMANDA backup system
-#
+# to back up remote nodes.  It does not provide the ability to restore
-#	This macro handles connections required by the AMANDA backup system
+# files from those nodes.
 #	to back up remote nodes.  It does not provide the ability to restore
 #	files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
 PARAM	-	-	udp	10080 { helper=amanda }
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@ -1,11 +1,9 @@
 #
-# Shorewall - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
 #
-# /usr/share/shorewall/macro.Auth
+# This macro handles Auth (identd) traffic.
 #
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	113
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@ -1,11 +1,9 @@
 #
-# Shorewall - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
 #
-# /usr/share/shorewall/macro.BGP
+# This macro handles BGP4 traffic.
 #
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	179	# BGP4
--- a/Shorewall/Macros/macro.BLACKLIST
+++ b/Shorewall/Macros/macro.BLACKLIST
@ -1,13 +1,11 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall -- /usr/share/shorewall/macro.blacklist
 #
-# /usr/share/shorewall/macro.blacklist
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
 #
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@ -1,19 +1,16 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
 #
-# /usr/share/shorewall/macro.BitTorrent
+# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
-#	This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
+# If you are running BitTorrent 3.2 or later, you should use the
-#
+# BitTorrent32 macro.
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
 #
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@ -1,16 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
 #
-# /usr/share/shorewall/macro.BitTorrent32
+# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
 #
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@ -1,11 +1,9 @@
 #
-# Shorewall - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
 #
-# /usr/share/shorewall/macro.CVS
+# This macro handles connections to the CVS pserver.
 #
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	2401
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@ -1,14 +1,12 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
 #
-# /usr/share/shorewall/macro.Citrix
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-#
+# ICA Session Reliability)
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@ -1,13 +1,11 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
 #
-# /usr/share/shorewall/macro.DAAP
+# This macro handles DAAP (Digital Audio Access Protocol) traffic.
-#
+# The protocol is used by iTunes, Rythmbox and other similar daemons.
 #	This macro handles DAAP (Digital Audio Access Protocol) traffic.
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@ -1,12 +1,10 @@
 #
-# Shorewall - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
 #
-# /usr/share/shorewall/macro.DCC
+# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-#
+# DCC is a distributed spam filtering mechanism.
 #	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	6277
--- a/Shorewall/Macros/macro.DHCPfwd
+++ b/Shorewall/Macros/macro.DHCPfwd
@ -1,12 +1,10 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
 #
-# /usr/share/shorewall/macro.DHCPfwd
+# This macro (bidirectional) handles forwarded DHCP traffic
 #
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@ -1,12 +1,10 @@
 #
-# Shorewall - DNS Macro
+# Shorewall --  /usr/share/shorewall/macro.DNS
 #
-# /usr/share/shorewall/macro.DNS
+# This macro handles DNS traffic.
 #
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@ -1,11 +1,9 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
 #
-# /usr/share/shorewall/macro.Distcc
+# This macro handles connections to the Distributed Compiler service.
 #
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3632
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@ -1,18 +1,15 @@
 #
-# Shorewall - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
 #
-# /usr/share/shorewall/macro.Drop
+# This macro generates the same rules as the Drop default action
 # It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Drop default action
+# Example:
 #	It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	Example:
+#	Drop	net	all
 #
 #		Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
 # Don't log 'auth' DROP
 #
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@ -1,13 +1,10 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
-# /usr/share/shorewall/macro.DropDNSrep
+# This macro silently drops DNS UDP replies
 #
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT Late DNS Replies
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@ -1,13 +1,10 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
 #
-# /usr/share/shorewall/macro.DropUPnP
+# This macro silently drops UPnP probes on UDP port 1900
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?COMMENT UPnP
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@ -1,34 +1,31 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
 #
-# /usr/share/shorewall/macro.Edonkey
+# This macro handles Edonkey traffic.
 #
-#	This macro handles Edonkey traffic.
+# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
 # says to use udp 5737 rather than 4665.
 #
 # http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+# 4661 TCP (outgoing) Port, on which a server listens for connection
-#	says to use udp 5737 rather than 4665.
+# (defined by server).
 #
-#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
+# 4665 UDP (outgoing) used for global server searches and global source
 # queries. This is always Server TCP port (in this case 4661) + 4.
 #
-#	4661 TCP (outgoing) Port, on which a server listens for connection
+# 4662 TCP (outgoing and incoming) Client to client transfers.
 #	(defined by server).
 #
-#	4665 UDP (outgoing) used for global server searches and global source
+# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-#	queries. This is always Server TCP port (in this case 4661) + 4.
+# Rating, File Reask Ping
 #
-#	4662 TCP (outgoing and incoming) Client to client transfers.
+# 4711 TCP WebServer listening port.
 #
-#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+# 4712 TCP External Connection port. Used to communicate aMule with other
-#	Rating, File Reask Ping
+# applications such as aMule WebServer or aMuleCMD.
 #
 #	4711 TCP WebServer listening port.
 #
 #	4712 TCP External Connection port. Used to communicate aMule with other
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@ -1,13 +1,11 @@
 #
-# Shorewall - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
 #
-# /usr/share/shorewall/macro.FTP
+# This macro handles FTP traffic.
 #
 #	This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
 PARAM	-	-	tcp	21 { helper=ftp }
 ?else
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@ -1,12 +1,10 @@
 #
-# Shorewall - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
+# This macro handles Finger protocol.
-#
+# You should not generally open your finger information to internet.
 #	This macro handles Finger protocol. You should not generally open
 #	your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	79
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@ -1,13 +1,11 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
 #
-# /usr/share/shorewall/macro.GNUnet
+# This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@ -1,13 +1,10 @@
 #
-# Shorewall - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
 #
 #	This macro (bi-directional) handles Generic Routing Encapsulation
 #	traffic (RFC 1701)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@ -1,11 +1,9 @@
 #
-# Shorewall - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
 #
-# /usr/share/shorewall/macro.Git
+# This macro handles Git traffic.
 #
 #	This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	9418
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@ -1,12 +1,10 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall -- /usr/share/shorewall/macro.Gnutella
 #
-# /usr/share/shorewall/macro.Gnutella
+# This macro handles Gnutella traffic.
 #
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
--- a/Shorewall/Macros/macro.Goto-Meeting
+++ b/Shorewall/Macros/macro.Goto-Meeting
@ -1,12 +1,11 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
 #
-# /usr/share/shorewall/macro.Goto-Meeting
+# This macro handles Citrix/Goto Meeting.
-#          by Eric Teeter
+#
-#       This macro handles Citrix/Goto Meeting
+###############################################################################
-#       Assumes that ports 80 and 443 are already open
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#       If needed, use the macros that open Http and Https to reduce redundancy
+
-####################################################################################
+PARAM      -    -       tcp     8200    # Goto Meeting only needed outbound
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+HTTP
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+HTTPS
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
--- a/Shorewall/Macros/macro.HKP
+++ b/Shorewall/Macros/macro.HKP
@ -1,11 +1,9 @@
 #
-# Shorewall - HKP Macro
+# Shorewall -- /usr/share/shorewall/macro.HKP
 #
-# /usr/share/shorewall/macro.HKP
+# This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	11371
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@ -1,11 +1,9 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTP
 #
-# /usr/share/shorewall/macro.HTTP
+# This macro handles plaintext HTTP (WWW) traffic.
 #
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	80
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@ -1,11 +1,9 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTPS
 #
-# /usr/share/shorewall/macro.HTTPS
+# This macro handles HTTPS (WWW over TLS) traffic.
 #
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	443
--- a/Shorewall/Macros/macro.ICPV2
+++ b/Shorewall/Macros/macro.ICPV2
@ -1,11 +1,9 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall - /usr/share/shorewall/macro.ICPV2
 #
-# /usr/share/shorewall/macro.ICPV2
+# This macro handles Internet Cache Protocol V2 (Squid) traffic.
 #
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	3130
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@ -1,11 +1,9 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall -- /usr/share/shorewall/macro.ICQ
 #
-# /usr/share/shorewall/macro.ICQ
+# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5190
--- a/Shorewall/Macros/macro.ILO
+++ b/Shorewall/Macros/macro.ILO
@ -1,15 +1,13 @@
 #
-# Shorewall - ILO Macro
+# Shorewall -- /usr/share/shorewall/macro.ILO
 #
-# /usr/share/shorewall/macro.ILO
+# This macro handles console redirection with HP ILO 2+,
-#
+# Use this macro to open access to your ILO interface from management
-#	This macro handles console redirection with HP ILO 2+,
+# workstations.
 #	Use this macro to open access to your ILO interface from management
 #	workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@ -1,12 +1,10 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAP
 #
-# /usr/share/shorewall/macro.IMAP
+# This macro handles plaintext and STARTTLS IMAP traffic.
-#
+# For SSL (TLS) IMAP, see macro.IMAPS.
 #	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
 #	see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	143
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@ -1,12 +1,11 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAPS
 #
-# /usr/share/shorewall/macro.IMAPS
+# This macro handles SSL (TLS) IMAP traffic.
-#
+# For plaintext (not recommended) and STARTLS (recommended) IMAP see
-#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
+# macro.IMAP.
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	993
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@ -1,12 +1,10 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPIP
 #
-# /usr/share/shorewall/macro.IPIP
+# This macro (bidirectional) handles IPIP capsulation traffic
 #
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
--- a/Shorewall/Macros/macro.IPMI
+++ b/Shorewall/Macros/macro.IPMI
@ -1,16 +1,15 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall -- /usr/share/shorewall/macro.IPMI
 #
-# /usr/share/shorewall/macro.IPMI
+# This macro handles IPMI console redirection with RMCP protocol.
-#
+# Tested to work with with Asus (AMI),
-#	This macro handles IPMI console redirection with Asus (AMI),
+# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
-#	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
+# Use this macro to open access to your IPMI interface from management
-#	Use this macro to open access to your IPMI interface from management
+# workstations.
 #	workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
 PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@ -1,11 +1,9 @@
 #
-# Shorewall - IPP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPP
 #
-# /usr/share/shorewall/macro.IPP
+# This macro handles Internet Printing Protocol (IPP).
 #
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	631
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@ -1,13 +1,11 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPbrd
 #
-# /usr/share/shorewall/macro.IPPbrd
+# This macro handles Internet Printing Protocol (IPP) broadcasts.
-#
+# If you also need to handle TCP 631 connections in the opposite
-#	This macro handles Internet Printing Protocol (IPP) broadcasts.
+# direction, use the IPPserver Macro
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@ -1,29 +1,28 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPserver
 #
-# /usr/share/shorewall/macro.IPPserver
+# This macro handles Internet Printing Protocol (IPP), indicating
 # that DEST is a printing server for SOURCE.  The macro allows
 # print queue broadcasts from the server to the client, and
 # printing connections from the client to the server.
 #
-#	This macro handles Internet Printing Protocol (IPP), indicating
+# Example usage on a single-interface firewall which is a print client:
 #	that DEST is a printing server for SOURCE.  The macro allows
 #	print queue broadcasts from the server to the client, and
 #	printing connections from the client to the server.
 #
-#	Example usage on a single-interface firewall which is a print
+#	IPPserver(ACCEPT)	$FW	net
 #	client:
 #		IPPserver/ACCEPT $FW net
 #
-#	Example for a two-interface firewall which acts as a print
+# Example for a two-interface firewall which acts as a print server for loc:
 #	server for loc:
 #		IPPserver/ACCEPT loc $FW
 #
-#	NOTE: If you want both to serve requests for local printers and
+#	IPPserver(ACCEPT)	loc	$FW
-#	listen to requests for remote printers (i.e. your CUPS server is
+#
-#	also a client), you need to apply the rule twice, e.g.
+# NOTE: If you want both to serve requests for local printers and listen to
-#		IPPserver/ACCEPT loc $FW
+# requests for remote printers (i.e. your CUPS server is also a client),
-#		IPPserver/ACCEPT $FW loc
+# you need to apply the rule twice, e.g.
 #
 #	IPPserver(ACCEPT)	loc	$FW
 #	IPPserver(ACCEPT)	$FW	loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@ -1,13 +1,11 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsec
 #
-# /usr/share/shorewall/macro.IPsec
+# This macro (bidirectional) handles IPsec traffic
 #
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@ -1,14 +1,12 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecah
 #
-# /usr/share/shorewall/macro.IPsecah
+# This macro (bidirectional) handles IPsec authentication (AH) traffic.
-#
+# This is insecure. You should use ESP with encryption for security.
 #	This macro (bidirectional) handles IPsec authentication (AH) traffic.
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@ -1,13 +1,11 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecnat
 #
-# /usr/share/shorewall/macro.IPsecnat
+# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@ -1,13 +1,10 @@
 #
-# Shorewall IRC Macro
+# Shorewall -- /usr/share/shorewall/macro.IRC
 #
-# /usr/share/shorewall/macro.IRC
+# This macro handles IRC traffic (Internet Relay Chat).
 #
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
 PARAM	-	-	tcp	6667 { helper=irc }
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@ -1,17 +1,14 @@
 #
-# Shorewall - JAP Macro
+# Shorewall -- /usr/share/shorewall/macro.JAP
 #
-# /usr/share/shorewall/macro.JAP
+# This macro handles JAP Anon Proxy Mix server traffic.
-#
+# It is NOT for people trying to browse anonymously!
 #	This macro handles JAP Anon Proxy traffic.  This macro is for
 #	administrators running a Mix server.  It is NOT for people trying
 #	to browse anonymously!
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
-HTTPS(PARAM)
+HTTPS
-SSH(PARAM)
+SSH
--- a/Shorewall/Macros/macro.Jabber
+++ b/Shorewall/Macros/macro.Jabber
@ -1,11 +1,9 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall -- /usr/share/shorewall/macro.Jabber
 #
-# /usr/share/shorewall/macro.Jabber
+# This macro handles Jabber traffic.
 #
 #	This macro accepts Jabber traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5222
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@ -1,12 +1,9 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberPlain
 #
-# /usr/share/shorewall/macro.JabberPlain
+# This macro is deprecated - use of macro.Jabber instead is recommended.
 #
 #	This macro accepts Jabber traffic (plaintext). This macro is
 #	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 Jabber
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@ -1,13 +1,9 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberSecure
 #
-# /usr/share/shorewall/macro.JabberSecure
+# This macro handles deprecated Jabber (SSL) traffic. Use STARTTLS instead.
 #
 #	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
 #	is deprecated, please configure Jabber with STARTTLS and use
 #	Jabber macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5223
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@ -1,11 +1,9 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall -- /usr/share/shorewall/macro.Jabberd
 #
-# /usr/share/shorewall/macro.Jabberd
+# This macro handles Jabberd intercommunication traffic
 #
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5269
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@ -1,11 +1,9 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall -- /usr/share/shorewall/macro.Jetdirect
 #
-# /usr/share/shorewall/macro.Jetdirect
+# This macro handles HP Jetdirect printing.
 #
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	9100
--- a/Shorewall/Macros/macro.Kerberos
+++ b/Shorewall/Macros/macro.Kerberos
@ -1,12 +1,10 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall -- /usr/share/shorewall/macro.Kerberos
 #
-# /usr/share/shorewall/macro.Kerberos
+# This macro handles Kerberos traffic.
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@ -1,13 +1,11 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall -- /usr/share/shorewall/macro.L2TP
 #
-# /usr/share/shorewall/macro.L2TP
+# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic.
-#
+# (RFC 2661)
 #	This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
 #	(RFC 2661)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@ -1,16 +1,14 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAP
 #
-# /usr/share/shorewall/macro.LDAP
+# This macro handles plaintext LDAP traffic. For encrypted LDAP
-#
+# traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
-#	This macro handles plaintext LDAP traffic.  For encrypted LDAP
+# required by some directory services) if you want to do user
-#	traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
+# authentication over LDAP.  Note that some LDAP implementations
-#	required by some directory services) if you want to do user
+# support initiating TLS connections via the plaintext LDAP port.
-#	authentication over LDAP.  Note that some LDAP implementations
+# Consult your LDAP server documentation for details.
 #	support initiating TLS connections via the plaintext LDAP port.
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	389
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@ -1,16 +1,14 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAPS
 #
-# /usr/share/shorewall/macro.LDAPS
+# This macro handles encrypted LDAP traffic.  For plaintext LDAP
-#
+# traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
-#	This macro handles encrypted LDAP traffic.  For plaintext LDAP
+# required by some directory services) if you want to do user
-#	traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
+# authentication over LDAP.  Note that some LDAP implementations
-#	required by some directory services) if you want to do user
+# support initiating TLS connections via the plaintext LDAP port.
-#	authentication over LDAP.  Note that some LDAP implementations
+# Consult your LDAP server documentation for details.
 #	support initiating TLS connections via the plaintext LDAP port.
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	636
--- a/Shorewall/Macros/macro.MSA
+++ b/Shorewall/Macros/macro.MSA
@ -0,0 +1,9 @@
 #
 # Shorewall -- /usr/share/shorewall/macro.MSA
 #
 # This macro handles mail message submission agent (MSA) traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 PARAM	-	-	tcp	587
--- a/Shorewall/Macros/macro.MSNP
+++ b/Shorewall/Macros/macro.MSNP
@ -1,11 +1,9 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall - /usr/share/shorewall/macro.MSNP
 #
-# /usr/share/shorewall/macro.MSNP
+# This macro handles MSNP (MicroSoft Notification Protocol)
 #
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1863
--- a/Shorewall/Macros/macro.MSSQL
+++ b/Shorewall/Macros/macro.MSSQL
@ -1,12 +1,10 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MSSQL
 #
-# /usr/share/shorewall/macro.MSSQL
+# This macro handles MSSQL (Microsoft SQL Server)
 #
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	1433
 PARAM	-	-	udp	1434
--- a/Shorewall/Macros/macro.Mail
+++ b/Shorewall/Macros/macro.Mail
@ -1,19 +1,17 @@
 #
-# Shorewall - Mail Macro
+# Shorewall -- /usr/share/shorewall/macro.Mail
 #
-# /usr/share/shorewall/macro.Mail
+# This macro handles SMTP (email secure and insecure) traffic.
 # It's the aggregate of macro.SMTP, macro.SMTPS, macro.MSA.
 #
-#	This macro handles SMTP (email secure and insecure) traffic.
+# Note: This macro handles traffic between an MUA (Email client)
-#	It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
+# and an MTA (mail server) or between MTAs. It does not enable
-#
+# reading of email via POP3 or IMAP. For those you need to use
-#	Note: This macro handles traffic between an MUA (Email client)
+# the POP3 or IMAP macros.
 #	and an MTA (mail server) or between MTAs. It does not enable
 #	reading of email via POP3 or IMAP. For those you need to use
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	tcp	25
+SMTP
-PARAM	-	-	tcp	465
+SMTPS
-PARAM	-	-	tcp	587
+MSA
--- a/Shorewall/Macros/macro.MongoDB
+++ b/Shorewall/Macros/macro.MongoDB
@ -1,11 +1,9 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall -- /usr/share/shorewall/macro.MongoDB
 #
-# /usr/share/shorewall/macro.MongoDB
+# This macro handles MongoDB Daemon/Router traffic.
 #
 #	This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	27017
--- a/Shorewall/Macros/macro.Munin
+++ b/Shorewall/Macros/macro.Munin
@ -1,11 +1,9 @@
 #
-# Shorewall - Munin Macro
+# Shorewall -- /usr/share/shorewall/macro.Munin
 #
-# /usr/share/shorewall/macro.Munin
+# This macro handles Munin networked resource monitoring traffic.
 #
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	4949
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@ -1,11 +1,9 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MySQL
 #
-# /usr/share/shorewall/macro.MySQL
+# This macro handles connections to the MySQL server.
 #
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3306
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@ -1,12 +1,10 @@
 #
-# Shorewall NNTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTP
 #
-# /usr/share/shorewall/macro.NNTP
+# This macro handles plaintext NNTP traffic (Usenet).
-#
+# For encrypted NNTP, see macro.NNTPS.
 #	This macro handles plaintext NNTP traffic (Usenet).  For
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	119
--- a/Shorewall/Macros/macro.NNTPS
+++ b/Shorewall/Macros/macro.NNTPS
@ -1,12 +1,10 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTPS
 #
-# /usr/share/shorewall/macro.NNTPS
+# This macro handles encrypted NNTP traffic (Usenet).
-#
+# For plaintext NNTP, see macro.NNTP.
 #	This macro handles encrypted NNTP traffic (Usenet).  For
 #	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	563
--- a/Shorewall/Macros/macro.NTP
+++ b/Shorewall/Macros/macro.NTP
@ -1,12 +1,10 @@
 #
-# Shorewall - NTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NTP
 #
-# /usr/share/shorewall/macro.NTP
+# This macro handles NTP traffic.
-#
+# For broadcast NTP traffic, use NTPbrd Macro.
 #	This macro handles NTP traffic (ntpd).
 #	For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	123
--- a/Shorewall/Macros/macro.NTPbi
+++ b/Shorewall/Macros/macro.NTPbi
@ -1,12 +1,10 @@
 #
-# Shorewall - NTPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbi
 #
-# /usr/share/shorewall/macro.NTPbi
+# This macro handles  bi-directional NTP (for NTP peers).
 #
 #        This macro handles  bi-directional NTP (for NTP peers)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	udp	123
+NTP
-PARAM	DEST	SOURCE	udp	123
+NTP	DEST	SOURCE
--- a/Shorewall/Macros/macro.NTPbrd
+++ b/Shorewall/Macros/macro.NTPbrd
@ -1,17 +1,14 @@
 #
-# Shorewall - NTPbrd Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbrd
 #
-# /usr/share/shorewall/macro.NTPbrd
+# This macro handles NTP traffic including replies to Broadcast NTP traffic.
 #
-#	This macro handles NTP traffic (ntpd) including replies to Broadcast
+# It is recommended only to use this where the source host is trusted -
-#	NTP traffic.
+# otherwise it opens up a large hole in your firewall because
-#
+# Netfilter doesn't track connections for broadcast traffic.
 #	It is recommended only to use this where the source host is trusted -
 #	otherwise it opens up a large hole in your firewall because
 #	Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-		-		udp	123
+PARAM	-	-	udp	123
-PARAM	-		-		udp	1024:	123
+PARAM	-	-	udp	1024:	123
--- a/Shorewall/Macros/macro.OSPF
+++ b/Shorewall/Macros/macro.OSPF
@ -1,11 +1,9 @@
 #
-# Shorewall - OSPF Macro
+# Shorewall -- /usr/share/shorewall/macro.OSPF
 #
-# /usr/share/shorewall/macro.OSPF
+# This macro handles OSPF multicast traffic.
 #
 #	This macro handles OSPF multicast traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	89	# OSPF
--- a/Shorewall/Macros/macro.OpenVPN
+++ b/Shorewall/Macros/macro.OpenVPN
@ -1,11 +1,9 @@
 #
-# Shorewall - OpenVPN Macro
+# Shorewall -- /usr/share/shorewall/macro.OpenVPN
 #
-# /usr/share/shorewall/macro.OpenVPN Macro
+# This macro handles OpenVPN traffic.
 #
 #	This macro handles OpenVPN traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	1194
--- a/Shorewall/Macros/macro.PCA
+++ b/Shorewall/Macros/macro.PCA
@ -1,12 +1,10 @@
 #
-# Shorewall - PCA Macro
+# Shorewall -- /usr/share/shorewall/macro.PCA
 #
-# /usr/share/shorewall/macro.PCA
+# This macro handles PCAnywere (tm) traffic.
 #
 #	This macro handles PCAnywere (tm)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631
--- a/Shorewall/Macros/macro.POP3
+++ b/Shorewall/Macros/macro.POP3
@ -1,12 +1,10 @@
 #
-# Shorewall - POP3 Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3
 #
-# /usr/share/shorewall/macro.POP3
+# This macro handles plaintext POP3 traffic.
-#
+# For encrypted POP3, see macro.POP3S.
 #	This macro handles plaintext POP3 traffic.  For encrypted POP3,
 #	see macro.POP3S.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	110
--- a/Shorewall/Macros/macro.POP3S
+++ b/Shorewall/Macros/macro.POP3S
@ -1,12 +1,10 @@
 #
-# Shorewall - POP3S Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3S
 #
-# /usr/share/shorewall/macro.POP3S
+# This macro handles encrypted POP3 traffic.
-#
+# For plaintext POP3, see macro.POP3.
 #	This macro handles encrypted POP3 traffic.  For plaintext POP3,
 #	see macro.POP3.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	995	# Secure POP3
--- a/Shorewall/Macros/macro.PPtP
+++ b/Shorewall/Macros/macro.PPtP
@ -1,15 +1,12 @@
 #
-# Shorewall - PPTP Macro
+# Shorewall -- /usr/share/shorewall/macro.PPtP Macro
 #
-# /usr/share/shorewall/macro.PPtP Macro
+# This macro handles PPTP traffic. NOTE: PPTP protocol is insecure.
 #
 #	This macro handles PPTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
-PARAM	-	-	47
+GRE
 PARAM	DEST	SOURCE	47
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
 PARAM	-	-	tcp	1723 { helper=pptp }
--- a/Shorewall/Macros/macro.Ping
+++ b/Shorewall/Macros/macro.Ping
@ -1,11 +1,9 @@
 #
-# Shorewall - Ping Macro
+# Shorewall -- /usr/share/shorewall/macro.Ping
 #
-# /usr/share/shorewall/macro.Ping
+# This macro handles ICMP 'ping' requests.
 #
 #	This macro handles 'ping' requests.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	icmp	8
--- a/Shorewall/Macros/macro.PostgreSQL
+++ b/Shorewall/Macros/macro.PostgreSQL
@ -1,11 +1,9 @@
 #
-# Shorewall - PostgreSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.PostgreSQL
 #
-# /usr/share/shorewall/macro.PostgreSQL
+# This macro handles connections to the PostgreSQL server.
 #
 #	This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	5432
--- a/Shorewall/Macros/macro.Printer
+++ b/Shorewall/Macros/macro.Printer
@ -1,11 +1,9 @@
 #
-# Shorewall - Printer Macro
+# Shorewall -- /usr/share/shorewall/macro.Printer
 #
-# /usr/share/shorewall/macro.Printer
+# This macro handles Line Printer protocol printing.
 #
 #	This macro handles Line Printer protocol printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	515
--- a/Shorewall/Macros/macro.Puppet
+++ b/Shorewall/Macros/macro.Puppet
@ -1,12 +1,9 @@
 #
-# Shorewall - Puppet Macro
+# Shorewall -- /usr/share/shorewall/macro.Puppet
 #
-# /usr/share/shorewall/macro.Puppet
+# This macro handles client-to-server for the Puppet configuration management.
 #
 #	This macro handles client-to-server for the Puppet configuration
 #	management system.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	8140
--- a/Shorewall/Macros/macro.QUIC
+++ b/Shorewall/Macros/macro.QUIC
@ -1,11 +1,9 @@
 #
-# Shorewall - QUIC Macro
+# Shorewall -- /usr/share/shorewall/macro.QUIC
 #
-# /usr/share/shorewall/macro.QUIC
+# This macro handles QUIC (Quick UDP Internet Connections).
 #
 #	This macro handles QUIC (Quick UDP Internet Connections).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	80,443
--- a/Shorewall/Macros/macro.RDP
+++ b/Shorewall/Macros/macro.RDP
@ -1,11 +1,9 @@
 #
-# Shorewall - RDP Macro
+# Shorewall -- /usr/share/shorewall/macro.RDP
 #
-# /usr/share/shorewall/macro.RDP
+# This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 #	This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	3389
--- a/Shorewall/Macros/macro.RIPbi
+++ b/Shorewall/Macros/macro.RIPbi
@ -1,12 +1,10 @@
 #
-# Shorewall - RIPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.RIPbi
 #
-# /usr/share/shorewall/macro.RIPbi
+# This macro (bidirectional) handles Routing Information Protocol (RIP).
 #
 #        This macro handles RIP (Routing Information Protocol) - bidirectional
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	520
 PARAM	DEST	SOURCE	udp	520
--- a/Shorewall/Macros/macro.RNDC
+++ b/Shorewall/Macros/macro.RNDC
@ -1,11 +1,9 @@
 #
-# Shorewall - RNDC Macro
+# Shorewall -- /usr/share/shorewall/macro.RNDC
 #
-# /usr/share/shorewall/macro.RNDC
+# This macro handles BIND remote management protocol (RNDC) traffic.
 #
 #	This macro handles RNDC (BIND remote management protocol) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	953
--- a/Shorewall/Macros/macro.Razor
+++ b/Shorewall/Macros/macro.Razor
@ -1,11 +1,9 @@
 #
-# Shorewall - Razor Macro
+# Shorewall -- /usr/share/shorewall/macro.Razor
 #
-# /usr/share/shorewall/macro.Razor
+# This macro handles traffic for the Razor Antispam System
 #
 #	This macro handles traffic for the Razor Antispam System
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 ACCEPT	-	-	tcp	2703
--- a/Shorewall/Macros/macro.Rdate
+++ b/Shorewall/Macros/macro.Rdate
@ -1,15 +1,13 @@
 #
-# Shorewall - Rdate Macro
+# Shorewall -- /usr/share/shorewall/macro.Rdate
 #
-# /usr/share/shorewall/macro.Rdate
+# This macro handles remote time retrieval (rdate).
-#
+# Unless you are supporting extremely old hardware or software,
-#	This macro handles remote time retrieval (rdate).
+# you shouldn't be using this. NTP is a superior alternative.
-#	Unless you are supporting extremely old hardware or software,
+# And even if you need to use rfc 868 Time protocol you should
-#	you shouldn't be using this.  NTP is a superior alternative.
+# use Time macro instead.
 #	And even if you need to use rfc 868 Time protocol you should
 #	use Time macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	37
--- a/Shorewall/Macros/macro.Redis
+++ b/Shorewall/Macros/macro.Redis
@ -1,11 +1,9 @@
 #
-# Shorewall - Redis Macro
+# Shorewall -- /usr/share/shorewall/macro.Redis
 #
-# /usr/share/shorewall/macro.Redis
+# This macro handles Redis traffic.
 #
 #	This macro handles Redis traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	6379
--- a/Shorewall/Macros/macro.Reject
+++ b/Shorewall/Macros/macro.Reject
@ -1,19 +1,15 @@
 #
-# Shorewall - Reject Macro
+# Shorewall -- /usr/share/shorewall/macro.Reject
 #
-# /usr/share/shorewall/macro.Reject
+# This macro generates the same rules as the Reject default action
 # It is used in place of action.Reject when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Reject default action
+# Example:
 #	It is used in place of action.Reject when USE_ACTIONS=No.
 #
 #	Example:
 #
 #		Reject	loc	fw
 #
 #	Reject	loc	fw
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
 # Don't log 'auth' REJECT
 #
--- a/Shorewall/Macros/macro.Rfc1918
+++ b/Shorewall/Macros/macro.Rfc1918
@ -1,14 +1,10 @@
 #
-# Shorewall - Macro Template
+# Shorewall -- /usr/share/shorewall/macro.Rfc1918
 #
-# /usr/share/shorewall/macro.Rfc1918
+# This macro handles SOURCE or ORIGDEST address reserved by RFC 1918.
 #
-#	This macro handles pkts with a SOURCE or ORIGINAL DEST address
+###############################################################################
-#	reserved by RFC 1918
+#ACTION	SOURCE	DEST
-#
+
-#############################################################################################
+PARAM	SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16	DEST
-#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+PARAM	SOURCE	DEST { origdest=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 }
 #						PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
 				DEST
 PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
--- a/Shorewall/Macros/macro.Rsync
+++ b/Shorewall/Macros/macro.Rsync
@ -1,11 +1,9 @@
 #
-# Shorewall - Rsync Macro
+# Shorewall -- /usr/share/shorewall/macro.Rsync
 #
-# /usr/share/shorewall/macro.Rsync
+# This macro handles connections to the rsync server.
 #
 #	This macro handles connections to the rsync server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	873
--- a/Shorewall/Macros/macro.SANE
+++ b/Shorewall/Macros/macro.SANE
@ -1,13 +1,10 @@
 #
-# Shorewall - SANE Macro
+# Shorewall -- /usr/share/shorewall/macro.SANE
 #
-# /usr/share/shorewall/macro.SANE
+# This macro handles SANE network scanning.
 #
 #	This macro handles SANE network scanning.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
 PARAM	-	-	tcp	6566 { helper=sane }
@ -17,7 +14,8 @@
 #
 # Kernels 2.6.23+ has nf_conntrack_sane module which will handle
-# sane data connection.
+# sane data connection. If you need these, copy this file to /etc/shorewall
 # and remove comments from one of the entries below.
 #
 # If you don't have sane conntracking support you need to open whole dynamic
 # port range.
--- a/Shorewall/Macros/macro.SIP
+++ b/Shorewall/Macros/macro.SIP
@ -1,13 +1,10 @@
 #
-# Shorewall - SIP Macro
+# Shorewall -- /usr/share/shorewall/macro.SIP
 #
-# /usr/share/shorewall/macro.SIP
+# This macro handles SIP traffic.
 #
 #	This macro handles SIP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER  )
 PARAM	-	-	udp	5060 { helper=sip }
--- a/Shorewall/Macros/macro.SMB
+++ b/Shorewall/Macros/macro.SMB
@ -1,17 +1,15 @@
 #
-# Shorewall - SMB Macro
+# Shorewall -- /usr/share/shorewall/macro.SMB
 #
-# /usr/share/shorewall/macro.SMB
+# This macro handles Microsoft SMB traffic.
-#
+# You need to invoke this macro in both directions.
-#	This macro handles Microsoft SMB traffic. You need to invoke
+# Beware!  This rule opens a lot of ports, and could possibly be used to
-#	this macro in both directions.  Beware!  This rule opens a lot
+# compromise your firewall if not used with care. You should only allow SMB
-#	of ports, and could possibly be used to compromise your firewall
+# traffic between hosts you fully trust.
 #	if not used with care.  You should only allow SMB traffic
 #	between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	135,445
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
--- a/Shorewall/Macros/macro.SMBBI
+++ b/Shorewall/Macros/macro.SMBBI
@ -1,36 +1,14 @@
 #
-# Shorewall - SMB Bi-directional Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBBI
 #
-# /usr/share/shorewall/macro.SMBBI
+# This macro (bidirectional) handles Microsoft SMB traffic.
 #
-#	This macro (bidirectional) handles Microsoft SMB traffic.
+# Beware! This macro opens a lot of ports, and could possibly be used
-#
+# to compromise your firewall if not used with care. You should only
-#	Beware!  This macro opens a lot of ports, and could possibly be used
+# allow SMB traffic between hosts you fully trust.
 #	to compromise your firewall if not used with care.  You should only
 #	allow SMB traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	135,445
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
+SMB
- PARAM	-	-	udp	137 { helper=netbios-ns }
+SMB	DEST	SOURCE
 PARAM	-	-	udp	138:139
 ?else
 PARAM	-	-	udp	137:139
 ?endif
 PARAM	-	-	udp	1024:	137
 PARAM	-	-	tcp	135,139,445
 PARAM	DEST	SOURCE	udp	135,445
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
 PARAM	DEST	SOURCE	udp	137 { helper=netbios-ns }
 PARAM	DEST	SOURCE	udp	138:139
 ?else
 PARAM	DEST	SOURCE	udp	137:139
 ?endif
 PARAM	DEST	SOURCE	udp	1024:	137
 PARAM	DEST	SOURCE	tcp	135,139,445
--- a/Shorewall/Macros/macro.SMBswat
+++ b/Shorewall/Macros/macro.SMBswat
@ -1,12 +1,9 @@
 #
-# Shorewall - SMBswat Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBswat
 #
-# /usr/share/shorewall/macro.SMBswat
+# This macro handles connections to the Samba Web Administration Tool (SWAT).
 #
 #	This macro handles connections to the Samba Web Administration Tool
 #	(SWAT).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	901
--- a/Shorewall/Macros/macro.SMTP
+++ b/Shorewall/Macros/macro.SMTP
@ -1,19 +1,12 @@
 #
-# Shorewall - SMTP Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTP
 #
-# /usr/share/shorewall/macro.SMTP
+# This macro handles SMTP (email) traffic.
-#
+# For deprecated SMTP encrypted over SSL (TLS), use macro.SMTPS.
-#	This macro handles plaintext SMTP (email) traffic.  For SMTP
+# Note that STARTTLS can be used over the standard STMP port, so the use of
-#	encrypted over SSL, use macro.SMTPS.  Note that STARTTLS can be
+# this macro doesn't necessarily imply the use of an insecure connection.
 #	used over the standard STMP port, so the use of this macro
 #	doesn't necessarily imply the use of an insecure connection.
 #
 #	Note: This macro handles traffic between an MUA (Email client)
 #	and an MTA (mail server) or between MTAs. It does not enable
 #	reading of email via POP3 or IMAP. For those you need to use
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	25
--- a/Shorewall/Macros/macro.SMTPS
+++ b/Shorewall/Macros/macro.SMTPS
@ -1,16 +1,10 @@
 #
-# Shorewall - SMTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.SMTPS
 #
-# /usr/share/shorewall/macro.SMTPS
+# This macro handles legacy SMTP over SSL (TLS) traffic.
-#
+# You should configure SMTP STARTTLS instead.
 #	This macro handles encrypted SMTPS (email) traffic.
 #
 #	Note: This macro handles traffic between an MUA (Email client)
 #	and an MTA (mail server) or between MTAs. It does not enable
 #	reading of email via POP3 or IMAP. For those you need to use
 #	the POP3(S) or IMAP(S) macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	465
--- a/Shorewall/Macros/macro.SNMP
+++ b/Shorewall/Macros/macro.SNMP
@ -1,15 +1,11 @@
 #
-# Shorewall - SNMP Macro
+# Shorewall -- /usr/share/shorewall/macro.SNMP
 #
-# /usr/share/shorewall/macro.SNMP
+# This macro handles SNMP traffic.
-#
+# Note: To allow SNMP Traps, use the SNMPTrap macro.
 #	This macro handles SNMP traffic.
 #
 #       Note: To allow SNMP Traps, use the SNMPTrap macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER )
 PARAM	-	-  	udp     161 { helper=snmp }
--- a/Shorewall/Macros/macro.SNMPTrap
+++ b/Shorewall/Macros/macro.SNMPTrap
@ -1,11 +1,9 @@
 #
-# Shorewall - SNMP Trap Macro
+# Shorewall - /usr/share/shorewall/macro.SNMPtrap
 #
-# /usr/share/shorewall/macro.SNMPtrap
+# This macro handles SNMP traps.
 #
 #	This macro handles SNMP traps.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	udp	162
--- a/Shorewall/Macros/macro.SPAMD
+++ b/Shorewall/Macros/macro.SPAMD
@ -1,11 +1,9 @@
 #
-# Shorewall - SPAMD Macro
+# Shorewall -- /usr/share/shorewall/macro.SPAMD
 #
-# /usr/share/shorewall/macro.SPAMD
+# This macro handles SpamAssassin SPAMD traffic.
 #
 #	This macro handles Spam Assassin SPAMD traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	783
--- a/Shorewall/Macros/macro.SSH
+++ b/Shorewall/Macros/macro.SSH
@ -1,11 +1,9 @@
 #
-# Shorewall - SSH Macro
+# Shorewall -- /usr/share/shorewall/macro.SSH
 #
-# /usr/share/shorewall/macro.SSH
+# This macro handles secure shell (SSH) traffic.
 #
 #	This macro handles secure shell (SSH) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+
 PARAM	-	-	tcp	22
--- a/Show More
+++ b/Show More