Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Shorewall/action.A_Drop

@@ -1,30 +1,25 @@
 #
-# Shorewall version 5 - Drop Action
+# Shorewall -- /usr/share/shorewall/action.A_Drop
 #
-# /usr/share/shorewall/action.A_Drop
+# The audited default DROP common rules
 #
-#	The audited default DROP common rules
+# This action is invoked before a DROP policy is enforced. The purpose
+# of the action is:
 #
-#	This action is invoked before a DROP policy is enforced. The purpose
+# a) Avoid logging lots of useless cruft.
-#	of the action is:
+# b) Ensure that certain ICMP packets that are necessary for successful
-#
+#    internet operation are always ACCEPTed.
-#	a) Avoid logging lots of useless cruft.
-#	b) Ensure that 'auth' requests are rejected, even if the policy is
-#	   DROP. Otherwise, you may experience problems establishing
-#	   connections with servers that use auth.
-#	c) Ensure that certain ICMP packets that are necessary for successful
-#	   internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
 ###############################################################################
-#TARGET		SOURCE	DEST	PROTO	DPORT	SPORT
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #
 COUNT
 #
-# Silently DROP 'auth'
+# Special Handling for Auth
 #
 Auth(A_DROP)
 #

Shorewall/action.A_Reject

@@ -1,20 +1,18 @@
 #
-# Shorewall version 5 - Reject Action
+# Shorewall -- /usr/share/shorewall/action.A_Reject
 #
-# /usr/share/shorewall/action.A_Reject
+# The audited default REJECT action common rules
 #
-#	The audited default REJECT action common rules
+# This action is invoked before a REJECT policy is enforced. The purpose
+# of the action is:
 #
-#	This action is invoked before a REJECT policy is enforced. The purpose
+# a) Avoid logging lots of useless cruft.
-#	of the action is:
+# b) Ensure that certain ICMP packets that are necessary for successful
-#
+#    internet operation are always ACCEPTed.
-#	a) Avoid logging lots of useless cruft.
-#	b) Ensure that certain ICMP packets that are necessary for successful
-#	   internet operation are always ACCEPTed.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
-#TARGET		SOURCE	DEST	PROTO
+#ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #

Shorewall/action.AutoBL

@@ -1,22 +1,24 @@
 #
-# Shorewall version 5 - Auto Blacklist Action
+# Shorewall -- /usr/share/shorewall/action.AutoBL
+#
+# Auto Blacklist Action
 #
 # Parameters are:
 #
-#    Event          - Name of the event to associate with this blacklist
+# Event          - Name of the event to associate with this blacklist
-#    Interval
+#                  Interval
-#    Count          - Interval and number of Packets to trigger blacklisting
+# Count          - Interval and number of Packets to trigger blacklisting
-#                     Default is 60 seconds and 5 packets.
+#                  Default is 60 seconds and 5 packets.
-#    Successive     - If a matching packet arrives within this many
+# Successive     - If a matching packet arrives within this many
-#                     seconds of the preceding one, it should be logged
+#                  seconds of the preceding one, it should be logged
-#                     and dealt with according to the Disposition and
+#                  and dealt with according to the Disposition and
-#                     Log Level parameters below. Default is 2 seconds.
+#                  Log Level parameters below. Default is 2 seconds.
-#    Blacklist time - Number of seconds to blacklist
+# Blacklist time - Number of seconds to blacklist
-#                     Default is 300 (5 minutes)
+#                  Default is 300 (5 minutes)
-#    Disposition    - Disposition of blacklisted packets
+# Disposition    - Disposition of blacklisted packets
-#                     Default is DROP
+#                  Default is DROP
-#    Log Level      - Level to Log Rejects
+# Log Level      - Level to Log Rejects
-#                     Default is info (6)
+#                  Default is info (6)
 #
 ###############################################################################
 
@@ -37,7 +39,7 @@ validate_level( $level );
 1;
 ?end perl
 ###############################################################################
-#TARGET		SOURCE	DEST	PROTO	DPORT	SPORT
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Silently reject the client if blacklisted
 #

Shorewall/action.AutoBLL

@@ -1,13 +1,16 @@
 #
-# Shorewall version 5 - Auto Blacklisting Logger Action
+# Shorewall -- /usr/share/shorewall/action.AutoBLL
+#
+# Auto Blacklisting Logger Action
 #
 # Arguments are
 #
-#    Event:       Name of the blacklisted event
+# Event       - Name of the blacklisted event
-#    Disposition: What to do with packets
+# Disposition - What to do with packets
-#    Level:       Log level and optional tag for logging.
+# Level       - Log level and optional tag for logging
+#
 ###############################################################################
-#TARGET		SOURCE	DEST	PROTO	DPORT	SPORT
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Log the Reject
 #

Shorewall/action.Broadcast

@@ -1,32 +1,30 @@
 #
-# Shorewall 4 - Broadcast Action
+# Shorewall -- /usr/share/shorewall/action.Broadcast
 #
-#    /usr/share/shorewall/action.Broadcast
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+# Complete documentation is available at http://shorewall.net
 #
-#       Complete documentation is available at http://shorewall.net
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is distributed in the hope that it will be useful,
-#       it under the terms of Version 2 of the GNU General Public License
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       as published by the Free Software Foundation.
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-#       This program is distributed in the hope that it will be useful,
+# You should have received a copy of the GNU General Public License
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# along with this program; if not, write to the Free Software
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#       GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# Broadcast[([<action>|-[,{audit|-}])]
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Broadcast[([<action>|-[,{audit|-}])]
+# Default action is DROP
 #
-#       Default action is DROP
+###############################################################################
-#
-##########################################################################################
 
 DEFAULTS DROP,-
 

Shorewall/action.DNSAmp

@@ -1,32 +1,33 @@
 #
-# Shorewall 5 - DNS Amplification Action
+# Shorewall -- /usr/share/shorewall/action.DNSAmp
 #
-#    /usr/share/shorewall/action.DNSAmp
+#  DNS Amplification Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   DNSAmp[([<action>])]
+# DNSAmp[([<action>])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT
 
 DEFAULTS DROP
 

Shorewall/action.Drop

@@ -1,29 +1,27 @@
 #
-# Shorewall version 5 - Drop Action
+# Shorewall -- /usr/share/shorewall/action.Drop
 #
-# /usr/share/shorewall/action.Drop
+# The default DROP common rules
 #
-#	The default DROP common rules
+# This action is invoked before a DROP policy is enforced. The purpose
+# of the action is:
 #
-#	This action is invoked before a DROP policy is enforced. The purpose
+# a) Avoid logging lots of useless cruft.
-#	of the action is:
+# b) Ensure that certain ICMP packets that are necessary for successful
+#    internet operation are always ACCEPTed.
 #
-#	a) Avoid logging lots of useless cruft.
+# The action accepts five optional parameters:
-#	b) Ensure that certain ICMP packets that are necessary for successful
-#	   internet operation are always ACCEPTed.
 #
-#  The action accepts five optional parameters:
+# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
-#
+#     actions.
-#	1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
+# 2 - Action to take with Auth requests. Default is to do nothing special
-#           actions.
+#     with them.
-#       2 - Action to take with Auth requests. Default is to do nothing special
+# 3 - Action to take with SMB requests. Default is DROP or A_DROP,
-#	    with them.
+#     depending on the setting of the first parameter.
-#	3 - Action to take with SMB requests. Default is DROP or A_DROP,
+# 4 - Action to take with required ICMP packets. Default is ACCEPT or
-#           depending on the setting of the first parameter.
+#     A_ACCEPT depending on the first parameter.
-#       4 - Action to take with required ICMP packets. Default is ACCEPT or
+# 5 - Action to take with late UDP replies (UDP source port 53). Default
-#           A_ACCEPT depending on the first parameter.
+#     is DROP or A_DROP depending on the first parameter.
-#       5 - Action to take with late UDP replies (UDP source port 53). Default
-#           is DROP or A_DROP depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 #
@@ -39,7 +37,7 @@ DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP
 DEFAULTS -,-,DROP,ACCEPT,DROP
 ?endif
 
-#TARGET		SOURCE	DEST	PROTO	DPORT	SPORT
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT
 #
 # Count packets that come through here
 #

Shorewall/action.DropSmurfs

@@ -1,14 +1,14 @@
 #
-# Shorewall version 5 - Drop Smurfs Action
+# Shorewall -- /usr/share/shorewall/action.DropSmurfs
 #
-# /usr/share/shorewall/action.DropSmurfs
+# Drop Smurfs Action
 #
-#   Accepts a single optional parameter:
+# Accepts a single optional parameter:
 #
-#          -     = Do not Audit
+# -     = Do not Audit
-#          audit = Audit dropped packets.
+# audit = Audit dropped packets.
 #
-#################################################################################
+###############################################################################
 
 DEFAULTS -
 
@@ -79,8 +79,3 @@ if ( $family == F_IPV4 ) {
 }
 
 ?end perl;
-
-
-
-
-

Shorewall/action.Established

@@ -1,32 +1,32 @@
 #
-# Shorewall 5 - Established Action
+# Shorewall -- /usr/share/shorewall/action.Established
 #
-#    /usr/share/shorewall/action.Established
+# Established Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Established[([<action>])]
+# Established[([<action>])]
 #
-#       Default action is ACCEPT
+# Default action is ACCEPT
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS ACCEPT
 

Shorewall/action.GlusterFS

@@ -1,13 +1,14 @@
 #
-# Shorewall version 5 - GlusterFS Handler for GlusterFS 3.4 and Later
+# Shorewall -- /usr/share/shorewall/action.GlusterFS
 #
-# /etc/shorewall/action.GlusterFS
+# GlusterFS Handler for GlusterFS 3.4 and Later
 #
 # Parameters:
-#	Bricks:		Number of bricks
-#	IB:		0 or 1, indicating whether Infiniband is used or not
 #
-#########################################################################################
+# Bricks - Number of bricks
+# IB     - 0 or 1, indicating whether Infiniband is used or not
+#
+###############################################################################
 
 DEFAULTS 2,0
 
@@ -17,8 +18,8 @@ DEFAULTS 2,0
     ?error Invalid value for IB (@2)
 ?endif
 
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         SWITCH        HELPER
+#ACTION		SOURCE		DEST		PROTO	DPORT
-#							PORT	PORT(S)		DEST		LIMIT		GROUP
+
 ACCEPT		-		-		udp	111,2049
 ACCEPT		-		-		tcp	38465:38467
 
@@ -31,4 +32,3 @@ ACCEPT		-		-		tcp	24007
 ?set last_port 49150 + @{1}
 
 ACCEPT		-		-		tcp	49151:$last_port
-

Shorewall/action.IfEvent

@@ -1,34 +1,38 @@
 #
-# Shorewall version 5 - Perform an Action based on a Event
+# Shorewall -- /usr/share/shorewall/action.IfEvent
 #
-# /etc/shorewall/action.IfEvent
+# Perform an Action based on a Event
 #
 # Parameters:
-#    Event:        Must start with a letter and be composed of letters, digits, '-', and '_'.
-#    Action:       Anything that can appear in the ACTION column of a rule.
-#    Duration:     Duration in seconds over which the event is to be tested.
-#    Hit Count:    Number of packets seen within the duration -- default is 1
-#    Src or Dest:  'src' (default) or 'dst'. Determines if the event is associated with the source
-#                  address (src) or destination address (dst)
-#    Command:      'check' (default) 'reset', or 'update'. If 'reset', the event will be reset before
-#                  the Action is taken. If 'update', the timestamp associated with the event will
-#                  be updated and the action taken if the time limit/hitcount are matched.
-#                  If '-', the action will be taken if the limit/hitcount are matched but the
-#                  event's timestamp will not be updated.
 #
-#                  If a duration is specified, then 'checkreap' and 'updatereap' may also
+# Event        - Must start with a letter and be composed of letters, digits,
-#                  be used. These are like 'check' and 'update' respectively, but they also
+#                '-', and '_'.
-#                  remove any event entries for the IP address that are older than <duration>
+# Action       - Anything that can appear in the ACTION column of a rule.
-#                  seconds.
+# Duration     - Duration in seconds over which the event is to be tested.
-#    Disposition:  Disposition for any event generated.
+# Hit Count    - Number of packets seen within the duration -- default is 1
+# Src or Dest  - 'src' (default) or 'dst'. Determines if the event is
+#                associated with the source address (src) or destination
+#                address (dst)
+# Command      - 'check' (default) 'reset', or 'update'. If 'reset',
+#                the event will be reset before the Action is taken.
+#                If 'update', the timestamp associated with the event will
+#                be updated and the action taken if the time limit/hitcount
+#                are matched.
+#                If '-', the action will be taken if the limit/hitcount are
+#                matched but the event's timestamp will not be updated.
+#
+#                If a duration is specified, then 'checkreap' and 'updatereap'
+#                may also be used. These are like 'check' and 'update'
+#                respectively, but they also remove any event entries for
+#                the IP address that are older than <duration> seconds.
+# Disposition  - Disposition for any event generated.
 #
 # For additional information, see http://www.shorewall.net/Events.html
 #
-#######################################################################################################
+###############################################################################
 #                                         DO NOT REMOVE THE FOLLOWING LINE
-#################################################################################################################################################################################################
+###############################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         SWITCH        HELPER
+#ACTION		SOURCE		DEST		PROTO	DPORT	SPORT
-#							PORT	PORT(S)		DEST		LIMIT		GROUP
 
 DEFAULTS -,ACCEPT,-,1,src,check,-
 

Shorewall/action.Invalid

@@ -1,35 +1,35 @@
 #
-# Shorewall 4 - Invalid Action
+# Shorewall -- /usr/share/shorewall/action.Invalid
 #
-#    /usr/share/shorewall/action.Invalid
+# Invalid Action
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# Complete documentation is available at http://shorewall.net
 #
-#       Complete documentation is available at http://shorewall.net
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is distributed in the hope that it will be useful,
-#       it under the terms of Version 2 of the GNU General Public License
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       as published by the Free Software Foundation.
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-#       This program is distributed in the hope that it will be useful,
+# You should have received a copy of the GNU General Public License
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# along with this program; if not, write to the Free Software
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#       GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# Invalid[([<action>])]
-#       along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Invalid[([<action>])]
+# Default action is DROP
 #
-#       Default action is DROP
+###############################################################################
-#
-##########################################################################################
 
 DEFAULTS DROP,-
 
 #
-# All logic for this action is triggered by the 'audit' and 'state' options in actions.std
+# All logic for this action is triggered by the 'audit' and 'state' options
+# in actions.std
 #

Shorewall/action.New

@@ -1,32 +1,32 @@
 #
-# Shorewall 4 - New Action
+# Shorewall -- /usr/share/shorewall/action.New
 #
-#    /usr/share/shorewall/action.New
+# New Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   New[([<action>])]
+# New[([<action>])]
 #
-#       Default action is ACCEPT
+# Default action is ACCEPT
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS ACCEPT
 

Shorewall/action.NotSyn

@@ -1,32 +1,32 @@
 #
-# Shorewall 4 - NotSyn Action
+# Shorewall -- /usr/share/shorewall/action.NotSyn
 #
-#    /usr/share/shorewall/action.NotSyn
+# NotSyn Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   NotSyn[([<action>])]
+# NotSyn[([<action>])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS DROP,-
 

Shorewall/action.RST

@@ -1,32 +1,32 @@
 #
-# Shorewall 4 - RST Action
+# Shorewall -- /usr/share/shorewall/action.RST
 #
-#    /usr/share/shorewall/action.RST
+# RST Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2012-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   RST[([<action>])]
+# RST[([<action>])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS DROP,-
 

Shorewall/action.Reject

@@ -1,29 +1,27 @@
 #
-# Shorewall version 5 - Reject Action
+# Shorewall -- /usr/share/shorewall/action.Reject
 #
-# /usr/share/shorewall/action.Reject
+# The default REJECT action common rules
 #
-#	The default REJECT action common rules
+# This action is invoked before a REJECT policy is enforced. The purpose
+# of the action is:
 #
-#	This action is invoked before a REJECT policy is enforced. The purpose
+# a) Avoid logging lots of useless cruft.
-#	of the action is:
+# b) Ensure that certain ICMP packets that are necessary for successful
+#    internet operation are always ACCEPTed.
 #
-#	a) Avoid logging lots of useless cruft.
+# The action accepts five optional parameters:
-#	b) Ensure that certain ICMP packets that are necessary for successful
-#	   internet operation are always ACCEPTed.
 #
-#  The action accepts five optional parameters:
+# 1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
-#
+#     actions.
-#	1 - 'audit' or '-'. Default is '-' which means don't audit in builtin
+# 2 - Action to take with Auth requests. Default is to do nothing
-#           actions.
+#     special with them.
-#       2 - Action to take with Auth requests. Default is to do nothing
+# 3 - Action to take with SMB requests. Default is REJECT or A_REJECT,
-#	    special with them.
+#     depending on the setting of the first parameter.
-#	3 - Action to take with SMB requests. Default is REJECT or A_REJECT,
+# 4 - Action to take with required ICMP packets. Default is ACCEPT or
-#           depending on the setting of the first parameter.
+#     A_ACCEPT depending on the first parameter.
-#       4 - Action to take with required ICMP packets. Default is ACCEPT or
+# 5 - Action to take with late UDP replies (UDP source port 53). Default
-#           A_ACCEPT depending on the first parameter.
+#     is DROP or A_DROP depending on the first parameter.
-#       5 - Action to take with late UDP replies (UDP source port 53). Default
-#           is DROP or A_DROP depending on the first parameter.
 #
 # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
 ###############################################################################
@@ -38,7 +36,7 @@ DEFAULTS -,-,A_REJECT,A_ACCEPT,A_DROP
 DEFAULTS -,-,REJECT,ACCEPT,DROP
 ?endif
 
-#TARGET		SOURCE	DEST	PROTO
+#ACTION		SOURCE	DEST	PROTO
 #
 # Count packets that come through here
 #

Shorewall/action.Related

@@ -1,32 +1,32 @@
 #
-# Shorewall 4 - Related Action
+# Shorewall -- /usr/share/shorewall/action.Related
 #
-#    /usr/share/shorewall/action.Related
+# Related Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Related[([<action>])]
+# Related[([<action>])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS DROP
 

Shorewall/action.ResetEvent

@@ -1,22 +1,24 @@
 #
-# Shorewall version 5 - Reset an Event
+# Shorewall -- /etc/shorewall/action.ResetEvent
 #
-# /etc/shorewall/action.ResetEvent
+# Reset an Event
 #
 # Parameters:
-#    Event:       Must start with a letter and be composed of letters, digits, '-', and '_'.
+#
-#    Action:      Action to perform after setting the event. Default is ACCEPT
+# Event       - Must start with a letter and be composed of letters, digits,
-#    Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source
+#               '-', and '_'.
-#                 address (src) or destination address (dst)
+# Action      - Action to perform after setting the event. Default is ACCEPT
-#    Disposition: Disposition for any rule generated.
+# Src or Dest - 'src' (default) or 'dst'. Determines if the event is
+#               associated with the source address (src) or destination
+#               address (dst)
+# Disposition - Disposition for any rule generated.
 #
 # For additional information, see http://www.shorewall.net/Events.html
 #
-#######################################################################################################
+###############################################################################
-#                                         DO NOT REMOVE THE FOLLOWING LINE
+#                        DO NOT REMOVE THE FOLLOWING LINE
-#################################################################################################################################################################################################
+##############################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         SWITCH        HELPER
+#ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
-#							PORT	PORT(S)		DEST		LIMIT		GROUP
 
 DEFAULTS -,ACCEPT,src,-
 

Shorewall/action.SetEvent

@@ -1,14 +1,17 @@
 #
-# Shorewall version 5 - Set an Event
+# Shorewall -- /usr/share/shorewall/action.SetEvent
 #
-# /etc/shorewall/action.SetEvent
+# Set an Event
 #
 # Parameters:
-#    Event:       Must start with a letter and be composed of letters, digits, '-', and '_'.
+#
-#    Action:      Action to perform after setting the event. Default is ACCEPT
+# Event       - Must start with a letter and be composed of letters, digits,
-#    Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source
+#               '-', and '_'.
-#                 address (src) or destination address (dst)
+# Action      - Action to perform after setting the event. Default is ACCEPT
-#    Disposition: Disposition for any event generated.
+# Src or Dest - 'src' (default) or 'dst'. Determines if the event is
+#               associated with the source address (src) or destination
+#               address (dst)
+# Disposition - Disposition for any event generated.
 #
 # For additional information, see http://www.shorewall.net/Events.html
 #

Shorewall/action.TCPFlags

@@ -1,14 +1,14 @@
 #
-# Shorewall version 5 - Drop TCPFlags Action
+# Shorewall -- /usr/share/shorewall/action.TCPFlags
 #
-# /usr/share/shorewall/action.TCPFlags
+# Drop TCPFlags Action
 #
-#   Accepts a single optional parameter:
+# Accepts a single optional parameter:
 #
-#          -     = Do not Audit
+# -     = Do not Audit
-#          audit = Audit dropped packets.
+# audit = Audit dropped packets.
 #
-#################################################################################
+###############################################################################
 
 DEFAULTS -
 

Shorewall/action.Untracked

@@ -1,32 +1,33 @@
 #
-# Shorewall 4 - Untracked Action
+# Shorewall --/usr/share/shorewall/action.Untracked
 #
-#    /usr/share/shorewall/action.Untracked
+# Untracked Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011,2012 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Untracked[([<action>])]
+# Untracked[([<action>])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
+
 DEFAULTS DROP
 
 #

Shorewall/action.allowInvalid

@@ -1,30 +1,28 @@
-\#
-# Shorewall 4 - allowInvalid Action
 #
-#    /usr/share/shorewall/action.allowInvalid
+# Shorewall -- /usr/share/shorewall/action.allowInvalid
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   allowInvalid[([audit])]
+#  allowInvalid[([audit])]
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS -
 

Shorewall/action.dropInvalid

@@ -1,32 +1,30 @@
 #
-# Shorewall 5 - dropInvalid Action
+# Shorewall -- /usr/share/shorewall/action.dropInvalid
 #
-#    /usr/share/shorewall/action.dropInvalid
+# dropInvalid Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   dropInvalid[([audit])]
+# dropInvalid[([audit])]
 #
-##########################################################################################
+###############################################################################
-
-DEFAULTS -
 
 DEFAULTS -
 

Shorewall/action.mangletemplate

@@ -1,20 +1,20 @@
 #
-# Shorewall version 5 - Mangle Action Template
+# Shorewall -- /etc/shorewall/action.mangletemplate
 #
-# /etc/shorewall/action.mangletemplate
+# Mangle Action Template
 #
-#	This file is a template for files with names of the form
+# This file is a template for files with names of the form
-#	/etc/shorewall/action.<action-name> where <action> is an
+# /etc/shorewall/action.<action-name> where <action> is an
-#	ACTION defined with the mangle option in /etc/shorewall/actions.
+# ACTION defined with the mangle option in /etc/shorewall/actions.
 #
-#	To define a new action:
+# To define a new action:
 #
-#	1. Add the <action name> to /etc/shorewall/actions with the mangle option
+# 1. Add the <action name> to /etc/shorewall/actions with the mangle option
-#	2. Copy this file to /etc/shorewall/action.<action name>
+# 2. Copy this file to /etc/shorewall/action.<action name>
-#	3. Add the desired rules to that file.
+# 3. Add the desired rules to that file.
 #
-#	Please see http://shorewall.net/Actions.html for additional
+# Please see http://shorewall.net/Actions.html for additional
-#	information.
+# information.
 #
 # Columns are the same as in /etc/shorewall/mangle.
 #

Shorewall/action.template

@@ -1,20 +1,20 @@
 #
-# Shorewall version 5 - Action Template
+# Shorewall -- /usr/share/shorewall/action.template
 #
-# /etc/shorewall/action.template
+# Action Template
 #
-#	This file is a template for files with names of the form
+# This file is a template for files with names of the form
-#	/etc/shorewall/action.<action-name> where <action> is an
+# /etc/shorewall/action.<action-name> where <action> is an
-#	ACTION defined in /etc/shorewall/actions.
+# ACTION defined in /etc/shorewall/actions.
 #
-#	To define a new action:
+# To define a new action:
 #
-#	1. Add the <action name> to /etc/shorewall/actions
+# 1. Add the <action name> to /etc/shorewall/actions
-#	2. Copy this file to /etc/shorewall/action.<action name>
+# 2. Copy this file to /etc/shorewall/action.<action name>
-#	3. Add the desired rules to that file.
+# 3. Add the desired rules to that file.
 #
-#	Please see http://shorewall.net/Actions.html for additional
+# Please see http://shorewall.net/Actions.html for additional
-#	information.
+# information.
 #
 # Columns are the same as in /etc/shorewall/rules.
 #

Shorewall/modules.essential

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - Essential Modules File
+# Shorewall -- /usr/share/shorewall/modules.essential
 #
-# /usr/share/shorewall/modules.essential
+# Essential Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 #

Shorewall/modules.extensions

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - Extensions Modules File
+# Shorewall -- /usr/share/shorewall/modules.extensions
 #
-# /usr/share/shorewall/modules.extensions
+# Extensions Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule ipt_addrtype

Shorewall/modules.ipset

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - IP Set Modules File
+# Shorewall -- /usr/share/shorewall/modules.ipset
 #
-# /usr/share/shorewall/modules.ipset
+# IP Set Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule xt_set

Shorewall/modules.tc

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - Traffic Shaping Modules File
+# Shorewall -- /usr/share/shorewall/modules.tc
 #
-# /usr/share/shorewall/modules.tc
+# Traffic Shaping Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule sch_sfq

Shorewall/modules.xtables

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - Xtables Modules File
+# Shorewall -- /usr/share/shorewall/modules.xtables
 #
-# /usr/share/shorewall/modules.xtables
+# Xtables Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule xt_AUDIT

Shorewall6/action.A_AllowICMPs

@@ -1,13 +1,11 @@
 #
-# Shorewall6 version 5 - Audited AllowICMPs Action
+# Shorewall6 -- /usr/share/shorewall6/action.A_AllowICMPs
 #
-# /usr/share/shorewall6/action.A_AllowICMPs
+# This action A_ACCEPTs needed ICMP types
-#
-#	This action A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-#TARGET		SOURCE		DEST	PROTO		DEST
+#ACTION		SOURCE		DEST	PROTO		DPORT
-#							PORT(S)
+
 ?comment Needed ICMP types (RFC4890)
 
 A_ACCEPT	-		-	ipv6-icmp	destination-unreachable

Shorewall6/action.AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall6 version 5 - AllowICMPs Action
+# Shorewall6 -- /usr/share/shorewall6/action.AllowICMPs
 #
-# /usr/share/shorewall6/action.AllowICMPs
+# This action ACCEPTs needed ICMP types
-#
-#	This action ACCEPTs needed ICMP types
 #
 ###############################################################################
-#TARGET	SOURCE		DEST	PROTO		DEST
+#ACTION	SOURCE		DEST	PROTO		DPORT
-#						PORT(S)
 
 DEFAULTS ACCEPT
 

Shorewall6/action.Broadcast

@@ -1,32 +1,32 @@
 #
-# Shorewall 4 - Multicast/Anycast Action
+# Shorewall6 -- /usr/share/shorewall6/action.Broadcast
 #
-#    /usr/share/shorewall/action.Broadcast
+# Multicast/Anycast IPv6 Action
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#       Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+# it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
+# as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#       You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#       along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-#   Broadcast[([<action>|-[,{audit|-}])]
+# Broadcast[([<action>|-[,{audit|-}])]
 #
-#       Default action is DROP
+# Default action is DROP
 #
-##########################################################################################
+###############################################################################
 
 DEFAULTS DROP,-
 

Shorewall6/action.mangletemplate

@@ -1,20 +1,17 @@
 #
-# Shorewall version 5 - Mangle Action Template
+# Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
 #
-# /etc/shorewall6/action.mangletemplate
+# This file is a template for files with names of the form
+# /etc/shorewall/action.<action-name> where <action> is an
+# ACTION defined with the mangle option in /etc/shorewall/actions.
 #
-#	This file is a template for files with names of the form
+# To define a new action:
-#	/etc/shorewall/action.<action-name> where <action> is an
-#	ACTION defined with the mangle option in /etc/shorewall/actions.
 #
-#	To define a new action:
+# 1. Add the <action name> to /etc/shorewall6/actions with the mangle option
+# 2. Copy this file to /etc/shorewall6/action.<action name>
+# 3. Add the desired rules to that file.
 #
-#	1. Add the <action name> to /etc/shorewall6/actions with the mangle option
+# Please see http://shorewall.net/Actions.html for additional information.
-#	2. Copy this file to /etc/shorewall6/action.<action name>
-#	3. Add the desired rules to that file.
-#
-#	Please see http://shorewall.net/Actions.html for additional
-#	information.
 #
 # Columns are the same as in /etc/shorewall6/mangle.
 #

Shorewall6/action.template

@@ -1,25 +1,21 @@
 #
-# Shorewall version 5 - Action Template
+# Shorewall6 -- /usr/share/shorewall6/action.template
 #
-# /etc/shorewall6/action.template
+# Action Template
 #
-#	This file is a template for files with names of the form
+# This file is a template for files with names of the form
-#	/etc/shorewall/action.<action-name> where <action> is an
+# /etc/shorewall/action.<action-name> where <action> is an
-#	ACTION defined in /etc/shorewall/actions.
+# ACTION defined in /etc/shorewall/actions.
 #
-#	To define a new action:
+# To define a new action:
 #
-#	1. Add the <action name> to /etc/shorewall/actions
+# 1. Add the <action name> to /etc/shorewall/actions
-#	2. Copy this file to /etc/shorewall/action.<action name>
+# 2. Copy this file to /etc/shorewall/action.<action name>
-#	3. Add the desired rules to that file.
+# 3. Add the desired rules to that file.
 #
-#	Please see http://shorewall.net/Actions.html for additional
+# Please see http://shorewall.net/Actions.html for additional information.
-#	information.
 #
 # Columns are the same as in /etc/shorewall6/rules.
 #
-#######################################################################################################
+##############################################################################################################################################################
-#                                         DO NOT REMOVE THE FOLLOWING LINE
+#ACTION		SOURCE		DEST		PROTO	DPORT	SPORT	ORIGDEST	RATE	USER	MARK	CONNLIMIT	TIME	HEADERS	SWITCH	HELPER
-#####################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME       HEADERS   SWITCH    HELPER
-#							PORT	PORT(S)		DEST		LIMIT		GROUP

Shorewall6/lib.base

@@ -1,24 +1,24 @@
 #
-# Shorewall 4.4 -- /usr/share/shorewall6/lib.base
+# Shorewall -- /usr/share/shorewall6/lib.base
 #
-#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
+# (c) 2011-2016 Tom Eastep (teastep@shorewall.net)
 #
-#	Complete documentation is available at http://shorewall.net
+# Complete documentation is available at http://shorewall.net
 #
-#       This program is part of Shorewall.
+# This program is part of Shorewall.
 #
-#	This program is free software; you can redistribute it and/or modify
+# This program is free software; you can redistribute it and/or modify
-#	it under the terms of the GNU General Public License as published by the
+# it under the terms of the GNU General Public License as published by the
-#       Free Software Foundation, either version 2 of the license or, at your
+# Free Software Foundation, either version 2 of the license or, at your
-#       option, any later version.
+# option, any later version.
 #
-#	This program is distributed in the hope that it will be useful,
+# This program is distributed in the hope that it will be useful,
-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#	GNU General Public License for more details.
+# GNU General Public License for more details.
 #
-#	You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU General Public License
-#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # This library contains the code common to all Shorewall components.
 

Shorewall6/modules.essential

@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Essential Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.essential
 #
-# /usr/share/shorewall6/modules.essential
+# Essential Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule nfnetlink

Shorewall6/modules.extensions

@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Extensions Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.extension
 #
-# /usr/share/shorewall6/modules.extension
+# Extensions Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule ip6_queue

Shorewall6/modules.ipset

@@ -1,16 +1,16 @@
 #
-# Shorewall version 5 - IP Set Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.ipset
 #
-# /usr/share/shorewall6/modules.ipset
+# IP Set Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall6 and modify the
+# If you need to modify this file, copy it to /etc/shorewall6 and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule xt_set

Shorewall6/modules.tc

@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Traffic Shaping Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.tc
 #
-# /usr/share/shorewall6/modules.tc
+# Traffic Shaping Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule sch_sfq

Shorewall6/modules.xtables

@@ -1,16 +1,16 @@
 #
-# Shorewall6 version 5 - Xtables Modules File
+# Shorewall6 -- /usr/share/shorewall6/modules.xtables
 #
-# /usr/share/shorewall6/modules.xtables
+# Xtables Modules File
 #
-#	This file loads the modules that may be needed by the firewall.
+# This file loads the modules that may be needed by the firewall.
 #
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
+# dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
+# before you load M2.
 #
-#  If you need to modify this file, copy it to /etc/shorewall and modify the
+# If you need to modify this file, copy it to /etc/shorewall and modify the
-#  copy.
+# copy.
 #
 ###############################################################################
 loadmodule xt_AUDIT