Use Shorewall macros with Shorewall6

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9026 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-12-13 18:32:06 +00:00 · 2008-12-13 18:32:06 +00:00 · 8f4c696076
commit 8f4c696076
parent a47c9b9871
79 changed files with 2 additions and 1552 deletions
--- a/Shorewall6/configpath
+++ b/Shorewall6/configpath
@ -10,4 +10,4 @@
 #	/usr/share/shorewall6/configfiles/. This prevents 'compile -e'
 #	from trying to use configuration information from /etc/shorewall.

-CONFIG_PATH=${CONFDIR}:/usr/share/shorewall6
+CONFIG_PATH=${CONFDIR}:/usr/share/shorewall6:/usr/share/shorewall
--- a/Shorewall6/macro.Amanda
+++ b/Shorewall6/macro.Amanda
@ -1,21 +0,0 @@
-#
-# Shorewall6 version 4 - Amanda Macro
-#
-# /usr/share/shorewall6/macro.Amanda
-#
-#	This macro handles connections required by the AMANDA backup system
-#	to back up remote nodes.  It does not provide the ability to restore
-#	files from those nodes.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	10080
-#
-# You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
-# it should not be necessary to use this.  The ip_conntrack_amanda
-# kernel module should be loaded (via /etc/shorewall6/modules) on all
-# systems which need to pass AMANDA traffic through netfilter.
-#PARAM	-	-	tcp	50000:50100
-#
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Auth
+++ b/Shorewall6/macro.Auth
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Auth Macro
-#
-# /usr/share/shorewall6/macro.Auth
-#
-#	This macro handles Auth (identd) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	113
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.BitTorrent
+++ b/Shorewall6/macro.BitTorrent
@ -1,23 +0,0 @@
-#
-# Shorewall6 version 4 - BitTorrent Macro
-#
-# /usr/share/shorewall6/macro.BitTorrent
-#
-#	This macro handles BitTorrent traffic.
-#
-#	If you are running a more modern BitTorrent client, then you may need
-#	to tweak the open port range.  This can be done by copying the below
-#	rules into /etc/shorewall6 and making the necessary edits there:
-#
-#		Replace 6881:6889 with 6881:6899
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	6881:6889
-#
-# It may also be necessary to allow UDP traffic:
-#
-PARAM	-	-	udp	6881
-#
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.CVS
+++ b/Shorewall6/macro.CVS
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - CVS Macro
-#
-# /usr/share/shorewall6/macro.CVS
-#
-#	This macro handles connections to the CVS pserver.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	2401
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.DAAP
+++ b/Shorewall6/macro.DAAP
@ -1,14 +0,0 @@
-#
-# Shorewall6 version 4 - DAAP Macro
-#
-# /usr/share/shorewall6/macro.DAAP
-#
-#	This macro handles DAAP (Digital Audio Access Protocol) traffic.
-#	The protocol is used by iTunes, Rythmbox and other similar daemons.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	3689
-PARAM	-	-	udp	3689
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.DCC
+++ b/Shorewall6/macro.DCC
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - DCC Macro
-#
-# /usr/share/shorewall6/macro.DCC
-#
-#	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-#	DCC is a distributed spam filtering mechanism.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	6277
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.DNS
+++ b/Shorewall6/macro.DNS
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - DNS Macro
-#
-# /usr/share/shorewall6/macro.DNS
-#
-#	This macro handles DNS traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	53
-PARAM	-	-	tcp	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Distcc
+++ b/Shorewall6/macro.Distcc
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Distcc Macro
-#
-# /usr/share/shorewall6/macro.Distcc
-#
-#	This macro handles connections to the Distributed Compiler service.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	3632
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Drop
+++ b/Shorewall6/macro.Drop
@ -1,52 +0,0 @@
-#
-# Shorewall6 version 4 - Drop Macro
-#
-# /usr/share/shorewall6/macro.Drop
-#
-#	This macro generates the same rules as the Drop default action
-#	It is used in place of action.Drop when USE_ACTIONS=No.
-#
-#	Example:
-#
-#		Drop	net	all
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-#
-# Don't log 'auth' REJECT
-#
-REJECT	-	-	tcp	113
-#
-# ACCEPT critical ICMP types
-#
-AllowICMPs
-#
-# Drop Broadcasts so they don't clutter up the log
-# (broadcasts must *not* be rejected).
-#
-dropBcast
-#
-# Drop packets that are in the INVALID state -- these are usually ICMP packets
-# and just confuse people when they appear in the log (these ICMPs cannot be
-# rejected).
-#
-dropInvalid
-#
-# Drop Microsoft noise so that it doesn't clutter up the log.
-#
-DROP	-	-	udp	135,445
-DROP	-	-	udp	137:139
-DROP	-	-	udp	1024:	137
-DROP	-	-	tcp	135,139,445
-DROP	-	-	udp	1900
-#
-# Drop 'newnotsyn' traffic so that it doesn't get logged.
-#
-dropNotSyn
-#
-# Drop late-arriving DNS replies. These are just a nuisance and clutter up
-# the log.
-#
-DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.DropDNSrep
+++ b/Shorewall6/macro.DropDNSrep
@ -1,15 +0,0 @@
-#
-# Shorewall6 version 4 - DropDNSrep Macro
-#
-# /usr/share/shorewall6/macro.DropDNSrep
-#
-#	This macro silently drops DNS UDP replies
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-
-COMMENT Late DNS Replies
-
-DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Edonkey
+++ b/Shorewall6/macro.Edonkey
@ -1,35 +0,0 @@
-#
-# Shorewall6 version 4 - Edonkey Macro
-#
-# /usr/share/shorewall6/macro.Edonkey
-#
-#	This macro handles Edonkey traffic.
-#
-#
-#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-#	says to use udp 5737 rather than 4665.
-#
-#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
-#
-#	4661 TCP (outgoing) Port, on which a server listens for connection
-#	(defined by server).
-#
-#	4665 UDP (outgoing) used for global server searches and global source
-#	queries. This is always Server TCP port (in this case 4661) + 4.
-#
-#	4662 TCP (outgoing and incoming) Client to client transfers.
-#
-#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-#	Rating, File Reask Ping
-#
-#	4711 TCP WebServer listening port.
-#
-#	4712 TCP External Connection port. Used to communicate aMule with other
-#	applications such as aMule WebServer or aMuleCMD.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	4662
-PARAM	-	-	udp	4665
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.FTP
+++ b/Shorewall6/macro.FTP
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - FTP Macro
-#
-# /usr/share/shorewall6/macro.FTP
-#
-#	This macro handles FTP traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	21
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Finger
+++ b/Shorewall6/macro.Finger
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - Finger Macro
-#
-# /usr/share/shorewall6/macro.Finger
-#
-#	This macro handles Finger protocol. You should not generally open
-#	your finger information to internet.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	79
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.GNUnet
+++ b/Shorewall6/macro.GNUnet
@ -1,15 +0,0 @@
-#
-# Shorewall6 version 4 - GNUnet Macro
-#
-# /usr/share/shorewall6/macro.GNUnet
-#
-#	This macro handles GNUnet (secure peer-to-peer networking) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	2086
-PARAM	-	-	udp	2086
-PARAM	-	-	tcp	1080
-PARAM	-	-	udp	1080
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.GRE
+++ b/Shorewall6/macro.GRE
@ -1,14 +0,0 @@
-#
-# Shorewall6 version 4 - GRE Macro
-#
-# /usr/share/shorewall6/macro.GRE
-#
-#	This macro (bi-directional) handles Generic Routing Encapsulation
-#	traffic (RFC 1701)
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	47	# GRE
-PARAM	DEST	SOURCE	47	# GRE
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Gnutella
+++ b/Shorewall6/macro.Gnutella
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - Gnutella Macro
-#
-# /usr/share/shorewall6/macro.Gnutella
-#
-#	This macro handles Gnutella traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	6346
-PARAM	-	-	udp	6346
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.HTTP
+++ b/Shorewall6/macro.HTTP
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - HTTP Macro
-#
-# /usr/share/shorewall6/macro.HTTP
-#
-#	This macro handles plaintext HTTP (WWW) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	80
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.HTTPS
+++ b/Shorewall6/macro.HTTPS
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - HTTPS Macro
-#
-# /usr/share/shorewall6/macro.HTTPS
-#
-#	This macro handles HTTPS (WWW over SSL) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	443
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.ICQ
+++ b/Shorewall6/macro.ICQ
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - ICQ Macro
-#
-# /usr/share/shorewall6/macro.ICQ
-#
-#	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5190
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IMAP
+++ b/Shorewall6/macro.IMAP
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - IMAP Macro
-#
-# /usr/share/shorewall6/macro.IMAP
-#
-#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
-#	see macro.IMAPS.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	143
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IMAPS
+++ b/Shorewall6/macro.IMAPS
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - IMAPS Macro
-#
-# /usr/share/shorewall6/macro.IMAPS
-#
-#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
-#	(not recommended), see macro.IMAP.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	993
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPIP
+++ b/Shorewall6/macro.IPIP
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - IPIP Macro
-#
-# /usr/share/shorewall6/macro.IPIP
-#
-#	This macro (bidirectional) handles IPIP capsulation traffic
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	94	# IPIP
-PARAM	DEST	SOURCE	94	# IPIP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPP
+++ b/Shorewall6/macro.IPP
@ -1,12 +0,0 @@
-#
-# Shorewall version 3.2 - IPP Macro
-#
-# /usr/share/shorewall/macro.IPP
-#
-#	This macro handles Internet Printing Protocol (IPP).
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPPserver
+++ b/Shorewall6/macro.IPPserver
@ -1,30 +0,0 @@
-#
-# Shorewall6 version 4 - IPPserver Macro
-#
-# /usr/share/shorewall6/macro.IPPserver
-#
-#	This macro handles Internet Printing Protocol (IPP), indicating
-#	that DEST is a printing server for SOURCE.  The macro allows
-#	print queue broadcasts from the server to the client, and
-#	printing connections from the client to the server.
-#
-#	Example usage on a single-interface firewall which is a print
-#	client:
-#		IPPserver/ACCEPT $FW net
-#
-#	Example for a two-interface firewall which acts as a print
-#	server for loc:
-#		IPPserver/ACCEPT loc $FW
-#	
-#	NOTE: If you want both to serve requests for local printers and
-#	listen to requests for remote printers (i.e. your CUPS server is
-#	also a client), you need to apply the rule twice, e.g.
-#		IPPserver/ACCEPT loc $FW
-#		IPPserver/ACCEPT $FW loc
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	SOURCE	DEST	tcp	631
-PARAM	DEST	SOURCE	udp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPsec
+++ b/Shorewall6/macro.IPsec
@ -1,15 +0,0 @@
-#
-# Shorewall6 version 4 - IPsec Macro
-#
-# /usr/share/shorewall6/macro.IPsec
-#
-#	This macro (bidirectional) handles IPsec traffic
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	500	500	# IKE
-PARAM	-	-	50			# ESP
-PARAM	DEST	SOURCE	udp	500	500	# IKE
-PARAM	DEST	SOURCE	50			# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPsecah
+++ b/Shorewall6/macro.IPsecah
@ -1,16 +0,0 @@
-#
-# Shorewall6 version 4 - IPsecah Macro
-#
-# /usr/share/shorewall6/macro.IPsecah
-#
-#	This macro (bidirectional) handles IPsec authentication (AH) traffic.
-#       This is insecure. You should use ESP with encryption for security.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	500	500	# IKE
-PARAM	-	-	51			# AH
-PARAM	DEST	SOURCE	udp	500	500	# IKE
-PARAM	DEST	SOURCE	51			# AH
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.IPsecnat
+++ b/Shorewall6/macro.IPsecnat
@ -1,17 +0,0 @@
-#
-# Shorewall6 version 4 - IPsecnat Macro
-#
-# /usr/share/shorewall6/macro.IPsecnat
-#
-#	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	500	# IKE
-PARAM	-	-	udp	4500	# NAT-T
-PARAM	-	-	50		# ESP
-PARAM	DEST	SOURCE	udp	500	# IKE
-PARAM	DEST	SOURCE	udp	4500	# NAT-T
-PARAM	DEST	SOURCE	50		# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.JAP
+++ b/Shorewall6/macro.JAP
@ -1,18 +0,0 @@
-#
-# Shorewall6 version 4 - JAP Macro
-#
-# /usr/share/shorewall6/macro.JAP
-#
-#	This macro handles JAP Anon Proxy traffic.  This macro is for
-#	administrators running a Mix server.  It is NOT for people trying
-#	to browse anonymously!
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	8080 # HTTP port
-PARAM	-	-	tcp	6544 # HTTP port
-PARAM	-	-	tcp	6543 # InfoService port
-HTTPS/PARAM
-SSH/PARAM
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.JabberPlain
+++ b/Shorewall6/macro.JabberPlain
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - JabberPlain Macro
-#
-# /usr/share/shorewall6/macro.JabberPlain
-#
-#	This macro accepts Jabber traffic (plaintext).
-#
-###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5222
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.JabberSecure
+++ b/Shorewall6/macro.JabberSecure
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - JabberSecure (ssl) Macro
-#
-# /usr/share/shorewall6/macro.JabberSecure
-#
-#	This macro accepts Jabber traffic (ssl).
-#
-###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5223
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Jabberd
+++ b/Shorewall6/macro.Jabberd
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Jabberd (server intercommunication)
-#
-# /usr/share/shorewall6/macro.Jabberd
-#
-#	This macro accepts Jabberd intercommunication traffic
-#
-###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5269
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Jetdirect
+++ b/Shorewall6/macro.Jetdirect
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Jetdirect Macro
-#
-# /usr/share/shorewall6/macro.Jetdirect
-#
-#	This macro handles HP Jetdirect printing.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	9100
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.L2TP
+++ b/Shorewall6/macro.L2TP
@ -1,14 +0,0 @@
-#
-# Shorewall6 version 4 - L2TP Macro
-#
-# /usr/share/shorewall6/macro.L2TP
-#
-#	This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
-#	(RFC 2661)
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	1701	# L2TP
-PARAM	DEST	SOURCE	udp	1701	# L2TP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.LDAP
+++ b/Shorewall6/macro.LDAP
@ -1,17 +0,0 @@
-#
-# Shorewall6 version 4 - LDAP Macro
-#
-# /usr/share/shorewall6/macro.LDAP
-#
-#	This macro handles plaintext LDAP traffic.  For encrypted LDAP
-#	traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.LDAPS
+++ b/Shorewall6/macro.LDAPS
@ -1,17 +0,0 @@
-#
-# Shorewall6 version 4 - LDAPS Macro
-#
-# /usr/share/shorewall6/macro.LDAPS
-#
-#	This macro handles encrypted LDAP traffic.  For plaintext LDAP
-#	traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	636
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Mail
+++ b/Shorewall6/macro.Mail
@ -1,19 +0,0 @@
-#
-# Shorewall6 version 4 - Mail Macro
-#
-# /usr/share/shorewall6/macro.Mail
-#
-#	This macro handles SMTP (email secure and insecure) traffic.
-#	It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3 or IMAP macros.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	25
-PARAM	-	-	tcp	465
-PARAM	-	-	tcp	587
--- a/Shorewall6/macro.MySQL
+++ b/Shorewall6/macro.MySQL
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - MySQL Macro
-#
-# /usr/share/shorewall6/macro.MySQL
-#
-#	This macro handles connections to the MySQL server.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	3306
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.NNTP
+++ b/Shorewall6/macro.NNTP
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 NNTP Macro
-#
-# /usr/share/shorewall6/macro.NNTP
-#
-#	This macro handles plaintext NNTP traffic (Usenet).  For
-#	encrypted NNTP, see macro.NNTPS.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	119
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.NNTPS
+++ b/Shorewall6/macro.NNTPS
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 NNTPS Macro
-#
-# /usr/share/shorewall6/macro.NNTPS
-#
-#	This macro handles encrypted NNTP traffic (Usenet).  For
-#	plaintext NNTP, see macro.NNTP.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	563
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.NTP
+++ b/Shorewall6/macro.NTP
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - NTP Macro
-#
-# /usr/share/shorewall6/macro.NTP
-#
-#	This macro handles NTP traffic (ntpd).
-#	For broadcast NTP traffic, use NTPbrd Macro.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.NTPbrd
+++ b/Shorewall6/macro.NTPbrd
@ -1,18 +0,0 @@
-#
-# Shorewall version 4 - NTPbrd Macro
-#
-# /usr/share/shorewall/macro.NTPbrd
-#
-#	This macro handles NTP traffic (ntpd) including replies to Broadcast
-#	NTP traffic.
-#
-#	It is recommended only to use this where the source host is trusted -
-#	otherwise it opens up a large hole in your firewall because
-#	Netfilter doesn't track connections for broadcast traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-		-		udp	123
-PARAM	-		-		udp	1024:	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.OpenVPN
+++ b/Shorewall6/macro.OpenVPN
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - OpenVPN Macro
-#
-# /usr/share/shorewall6/macro.OpenVPN Macro
-#
-#	This macro handles OpenVPN traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	1194
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.PCA
+++ b/Shorewall6/macro.PCA
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - PCA Macro
-#
-# /usr/share/shorewall6/macro.PCA
-#
-#	This macro handles PCAnywere (tm)
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	5632
-PARAM	-	-	tcp	5631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.POP3
+++ b/Shorewall6/macro.POP3
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - POP3 Macro
-#
-# /usr/share/shorewall6/macro.POP3
-#
-#	This macro handles plaintext POP3 traffic.  For encrypted POP3,
-#	see macro.POP3S.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	110
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.POP3S
+++ b/Shorewall6/macro.POP3S
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - POP3S Macro
-#
-# /usr/share/shorewall6/macro.POP3S
-#
-#	This macro handles encrypted POP3 traffic.  For plaintext POP3,
-#	see macro.POP3.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	995	# Secure POP3
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.PPtP
+++ b/Shorewall6/macro.PPtP
@ -1,14 +0,0 @@
-#
-# Shorewall6 version 4 - PPTP Macro
-#
-# /usr/share/shorewall6/macro.PPtP Macro
-#
-#	This macro handles PPTP traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	47
-PARAM	DEST	SOURCE	47
-PARAM	-	-	tcp	1723
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Ping
+++ b/Shorewall6/macro.Ping
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Ping Macro
-#
-# /usr/share/shorewall6/macro.Ping
-#
-#	This macro handles 'ping' requests.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO		DEST	SOURCE	RATE	USER/
-#					PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	ipv6-icmp	128
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.PostgreSQL
+++ b/Shorewall6/macro.PostgreSQL
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - PostgreSQL Macro
-#
-# /usr/share/shorewall6/macro.PostgreSQL
-#
-#	This macro handles connections to the PostgreSQL server.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5432
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Printer
+++ b/Shorewall6/macro.Printer
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Printer Macro
-#
-# /usr/share/shorewall6/macro.Printer
-#
-#	This macro handles Line Printer protocol printing.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	515
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.RDP
+++ b/Shorewall6/macro.RDP
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - RDP Macro
-#
-# /usr/share/shorewall6/macro.RDP
-#
-#	This macro handles Microsoft RDP (Remote Desktop) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	3389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.RNDC
+++ b/Shorewall6/macro.RNDC
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - RNDC Macro
-#
-# /usr/share/shorewall6/macro.RNDC
-#
-#	This macro handles RNDC (BIND remote management protocol) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	953
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Rdate
+++ b/Shorewall6/macro.Rdate
@ -1,16 +0,0 @@
-#
-# Shorewall6 version 4 - Rdate Macro
-#
-# /usr/share/shorewall6/macro.Rdate
-#
-#	This macro handles remote time retrieval (rdate).
-#	Unless you are supporting extremely old hardware or software,
-#	you shouldn't be using this.  NTP is a superior alternative.
-#	And even if you need to use rfc 868 Time protocol you should
-#	use Time macro instead.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	37
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Reject
+++ b/Shorewall6/macro.Reject
@ -1,53 +0,0 @@
-#
-# Shorewall6 version 4 - Reject Macro
-#
-# /usr/share/shorewall6/macro.Reject
-#
-#	This macro generates the same rules as the Reject default action
-#	It is used in place of action.Reject when USE_ACTIONS=No.
-#
-#	Example:
-#
-#		Reject	loc	fw
-#
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-#
-# Don't log 'auth' REJECT
-#
-REJECT	-	-	tcp	113
-#
-# Drop Broadcasts so they don't clutter up the log
-# (broadcasts must *not* be rejected).
-#
-dropBcast
-#
-# ACCEPT critical ICMP types
-#
-AllowICMPs
-#
-# Drop packets that are in the INVALID state -- these are usually ICMP packets
-# and just confuse people when they appear in the log (these ICMPs cannot be
-# rejected).
-#
-dropInvalid
-#
-# Reject Microsoft noise so that it doesn't clutter up the log.
-#
-REJECT	-	-	udp	135,445
-REJECT	-	-	udp	137:139
-REJECT	-	-	udp	1024:	137
-REJECT	-	-	tcp	135,139,445
-DROP	-	-	udp	1900
-#
-# Drop 'newnotsyn' traffic so that it doesn't get logged.
-#
-dropNotSyn
-#
-# Drop late-arriving DNS replies. These are just a nuisance and clutter up
-# the log.
-#
-DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Rsync
+++ b/Shorewall6/macro.Rsync
@ -1,12 +0,0 @@
-#
-# Shorewall6 version 4 - Rsync Macro
-#
-# /usr/share/shorewall6/macro.Rsync
-#
-#	This macro handles connections to the rsync server.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	873
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SANE
+++ b/Shorewall6/macro.SANE
@ -1,23 +0,0 @@
-#
-# Shorewall6 version 4 - SANE Macro
-#
-# /usr/share/shorewall6/macro.SANE
-#
-#	This macro handles SANE network scanning.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	6566
-#
-# Kernels 2.6.23+ has nf_conntrack_sane module which will handle
-# sane data connection.
-#
-# If you don't have sane conntracking support you need to open whole dynamic
-# port range.
-#
-# This is for normal linux 2.4+
-#PARAM	-	-	tcp	32768:61000
-# This is generic rule for any os running saned.
-#PARAM	-	-	tcp	1024:
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SMB
+++ b/Shorewall6/macro.SMB
@ -1,19 +0,0 @@
-#
-# Shorewall6 version 4 - SMB Macro
-#
-# /usr/share/shorewall6/macro.SMB
-#
-#	This macro handles Microsoft SMB traffic. You need to invoke
-#	this macro in both directions.  Beware!  This rule opens a lot
-#	of ports, and could possibly be used to compromise your firewall
-#	if not used with care.  You should only allow SMB traffic
-#	between hosts you fully trust.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	135,445
-PARAM	-	-	udp	137:139
-PARAM	-	-	udp	1024:	137
-PARAM	-	-	tcp	135,139,445
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SMBBI
+++ b/Shorewall6/macro.SMBBI
@ -1,23 +0,0 @@
-#
-# Shorewall6 version 4 - SMB Bi-directional Macro
-#
-# /usr/share/shorewall6/macro.SMBBI
-#
-#	This macro (bidirectional) handles Microsoft SMB traffic.
-#
-#	Beware!  This macro opens a lot of ports, and could possibly be used
-#	to compromise your firewall if not used with care.  You should only
-#	allow SMB traffic between hosts you fully trust.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	135,445
-PARAM	-	-	udp	137:139
-PARAM	-	-	udp	1024:	137
-PARAM	-	-	tcp	135,139,445
-PARAM	DEST	SOURCE	udp	135,445
-PARAM	DEST	SOURCE	udp	137:139
-PARAM	DEST	SOURCE	udp	1024:	137
-PARAM	DEST	SOURCE	tcp	135,139,445
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SMBswat
+++ b/Shorewall6/macro.SMBswat
@ -1,13 +0,0 @@
-#
-# Shorewall6 version 4 - SMBswat Macro
-#
-# /usr/share/shorewall6/macro.SMBswat
-#
-#	This macro handles connections to the Samba Web Administration Tool
-#	(SWAT).
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	901
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SMTP
+++ b/Shorewall6/macro.SMTP
@ -1,20 +0,0 @@
-#
-# Shorewall6 version 4 - SMTP Macro
-#
-# /usr/share/shorewall6/macro.SMTP
-#
-#	This macro handles plaintext SMTP (email) traffic.  For SMTP
-#	encrypted over SSL, use macro.SMTPS.  Note that STARTTLS can be
-#	used over the standard STMP port, so the use of this macro
-#	doesn't necessarily imply the use of an insecure connection.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3 or IMAP macros.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	25
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SMTPS
+++ b/Shorewall6/macro.SMTPS
@ -1,17 +0,0 @@
-#
-# Shorewall version 4 - SMTPS Macro
-#
-# /usr/share/shorewall/macro.SMTPS
-#
-#	This macro handles encrypted SMTPS (email) traffic.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3(S) or IMAP(S) macros.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	465
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SNMP
+++ b/Shorewall6/macro.SNMP
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 - SNMP Macro
-#
-# /usr/share/shorewall/macro.SNMP
-#
-#	This macro handles SNMP traffic (including traps).
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	161:162
-PARAM	-	-	tcp	161
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SPAMD
+++ b/Shorewall6/macro.SPAMD
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - SPAMD Macro
-#
-# /usr/share/shorewall/macro.SPAMD
-#
-#	This macro handles Spam Assassin SPAMD traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	783
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SSH
+++ b/Shorewall6/macro.SSH
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - SSH Macro
-#
-# /usr/share/shorewall/macro.SSH
-#
-#	This macro handles secure shell (SSH) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	22
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.SVN
+++ b/Shorewall6/macro.SVN
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 - SVN Macro
-#
-# /usr/share/shorewall/macro.SVN
-#
-#	This macro handles connections to the Subversion server (svnserve).
-#
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	3690
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Submission
+++ b/Shorewall6/macro.Submission
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - Submission Macro
-#
-# /usr/share/shorewall/macro.Submission
-#
-#	This macro handles mail message submission traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	587
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Syslog
+++ b/Shorewall6/macro.Syslog
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - Syslog Macro
-#
-# /usr/share/shorewall/macro.Syslog
-#
-#	This macro handles syslog UDP traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	514
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.TFTP
+++ b/Shorewall6/macro.TFTP
@ -1,14 +0,0 @@
-#
-# Shorewall version 3.2 - TFTP Macro
-#
-# /usr/share/shorewall/macro.TFTP
-#
-#	This macro handles Trivial File Transfer Protocol (TFTP)
-#	Because TFTP lacks all security you should not enable it over
-#	Internet.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	69
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Telnet
+++ b/Shorewall6/macro.Telnet
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 - Telnet Macro
-#
-# /usr/share/shorewall/macro.Telnet
-#
-#	This macro handles Telnet traffic. For traffic over the
-#	internet, telnet is inappropriate; use SSH instead
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	23
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Telnets
+++ b/Shorewall6/macro.Telnets
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 - Telnet Macro
-#
-# /usr/share/shorewall/macro.Telnets
-#
-#	This macro handles Telnets (Telnet over SSL) traffic.
-#	For traffic over the internet, SSH might be more practical.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	992
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Time
+++ b/Shorewall6/macro.Time
@ -1,14 +0,0 @@
-#
-# Shorewall version 4 - Time Macro
-#
-# /usr/share/shorewall/macro.Time
-#
-#	This macro handles rfc 868 Time protocol.
-#	Unless you are supporting extremely old hardware or software,
-#	you shouldn't be using this.  NTP is a superior alternative.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	37
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Trcrt
+++ b/Shorewall6/macro.Trcrt
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 -Trcrt Macro
-#
-# /usr/share/shorewall/macro.Trcrt
-#
-#	This macro handles Traceroute (for up to 30 hops).
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	udp	33434:33524 # UDP Traceroute
-PARAM	-	-	icmp	8	    # ICMP Traceroute
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.VNC
+++ b/Shorewall6/macro.VNC
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - VNC Macro
-#
-# /usr/share/shorewall/macro.VNC
-#
-#	This macro handles VNC traffic for VNC display's 0 - 9.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5900:5909
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.VNCL
+++ b/Shorewall6/macro.VNCL
@ -1,13 +0,0 @@
-#
-# Shorewall version 4 -VNCL Macro
-#
-# /usr/share/shorewall/macro.VNCL
-#
-#	This macro handles VNC traffic from Vncservers to Vncviewers in listen
-#	mode.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	5500
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Web
+++ b/Shorewall6/macro.Web
@ -1,15 +0,0 @@
-#
-# Shorewall version 4 - Web Macro
-#
-# /usr/share/shorewall/macro.Web
-#
-#	This macro handles WWW traffic (secure and insecure).  This
-#	macro is deprecated - use of macro.HTTP and macro.HTTPS instead
-#	is recommended.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	80	# HTTP (plaintext)
-PARAM	-	-	tcp	443	# HTTPS (over SSL)
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Webmin
+++ b/Shorewall6/macro.Webmin
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - Webmin Macro
-#
-# /usr/share/shorewall/macro.Webmin
-#
-#	This macro handles Webmin traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	10000
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.Whois
+++ b/Shorewall6/macro.Whois
@ -1,12 +0,0 @@
-#
-# Shorewall version 4 - Whois Macro
-#
-# /usr/share/shorewall/macro.Whois
-#
-#	This macro handles whois (nicname) traffic.
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
-#				PORT(S)	PORT(S)	LIMIT	GROUP
-PARAM	-	-	tcp	43
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/macro.template
+++ b/Shorewall6/macro.template
@ -1,368 +0,0 @@
-#
-# Shorewall version 4 - Macro Template
-#
-# /usr/share/shorewall/macro.template
-#
-# Macro files are similar to action files with the following exceptions:
-#
-#	- A macro file is not processed unless the marcro that it defines is
-#	  referenced in the /etc/shorewall/rules file or in an action
-#	  definition file.
-#
-#	- Macros are translated directly into one or more rules whereas
-#	  actions become their own chain.
-#
-#	- All entries in a macro undergo substitution when the macro is
-#	  invoked in the rules file.
-#
-#	- Macros used in action bodies may not invoke other macros.
-#
-# The columns in the file are the same as those in the action.template file but
-# have different restrictions:
-#
-# Columns are:
-#
-#	ACTION		ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT, CONTINUE,
-#			LOG, QUEUE, PARAM or an <action> name.
-#
-#				ACCEPT	 -- allow the connection request
-#				ACCEPT+	 -- like ACCEPT but also excludes the
-#					    connection from any subsequent
-#					    DNAT[-] or REDIRECT[-] rules
-#				NONAT	 -- Excludes the connection from any
-#					    subsequent DNAT[-] or REDIRECT[-]
-#					    rules but doesn't generate a rule
-#					    to accept the traffic.
-#				DROP	 -- ignore the request
-#				REJECT	 -- disallow the request and return an
-#					    icmp-unreachable or an RST packet.
-#				DNAT	 -- Forward the request to another
-#					    system (and optionally another
-#					    port).
-#				DNAT-	 -- Advanced users only.
-#					    Like DNAT but only generates the
-#					    DNAT iptables rule and not
-#					    the companion ACCEPT rule.
-#				SAME	 -- Similar to DNAT except that the
-#					    port may not be remapped and when
-#					    multiple server addresses are
-#					    listed, all requests from a given
-#					    remote system go to the same
-#					    server.
-#				SAME-	 -- Advanced users only.
-#					    Like SAME but only generates the
-#					    NAT iptables rule and not
-#					    the companion ACCEPT rule.
-#				REDIRECT -- Redirect the request to a local
-#					    port on the firewall.
-#				REDIRECT-
-#					 -- Advanced users only.
-#					    Like REDIRET but only generates the
-#					    REDIRECT iptables rule and not
-#					    the companion ACCEPT rule.
-#
-#				CONTINUE -- (For experts only). Do not process
-#					    any of the following rules for this
-#					    (source zone,destination zone). If
-#					    The source and/or destination IP
-#					    address falls into a zone defined
-#					    later in /etc/shorewall/zones, this
-#					    connection request will be passed
-#					    to the rules defined for that
-#					    (those) zone(s).
-#				LOG	 -- Simply log the packet and continue.
-#				QUEUE	 -- Queue the packet to a user-space
-#					    application such as ftwall
-#					    (http://p2pwall.sf.net).
-#				PARAM	 -- If you code PARAM as the action in
-#					    a macro then when you invoke the
-#					    macro, you can include the name of
-#					    the macro followed by a slash ("/")
-#					    and an ACTION (either builtin or
-#					    user-defined. All instances of
-#					    PARAM in the body of the macro will
-#					    be replaced with the ACTION.
-#				<action> -- The name of an action defined in
-#					    /usr/share/shorewall/actions.std or
-#					    in /etc/shorewall/actions.
-#
-#			The ACTION may optionally be followed
-#			by ":" and a syslog log level (e.g, REJECT:info or
-#			DNAT:debug). This causes the packet to be
-#			logged at the specified level.
-#
-#			You may also specify ULOG (must be in upper case) as a
-#			log level.This will log to the ULOG target for routing
-#			to a separate log through use of ulogd
-#			(http://www.gnumonks.org/projects/ulogd).
-#
-#			Actions specifying logging may be followed by a
-#			log tag (a string of alphanumeric characters)
-#			are appended to the string generated by the
-#			LOGPREFIX (in /etc/shorewall/shorewall.conf).
-#
-#			Example: ACCEPT:info:ftp would include 'ftp '
-#			at the end of the log prefix generated by the
-#			LOGPREFIX setting.
-#
-#	SOURCE		Source hosts to which the rule applies. May be a zone
-#			defined in /etc/shorewall/zones, $FW to indicate the
-#			firewall itself, "all", "all+" or "none" If the ACTION
-#			is DNAT	or REDIRECT, sub-zones of the specified zone
-#			may be excluded from the rule by following the zone
-#			name with "!' and a comma-separated list of sub-zone
-#			names.
-#
-#			When "none" is used either in the SOURCE or DEST
-#			column, the rule is ignored.
-#
-#			When "all" is used either in the SOURCE or DEST column
-#			intra-zone traffic is not affected. When "all+" is
-#			used, intra-zone traffic is affected.
-#
-#			Except when "all[+]" is specified, clients may be
-#			further restricted to a list of subnets and/or hosts by
-#			appending ":" and a comma-separated list of subnets
-#			and/or hosts. Hosts may be specified by IP or MAC
-#			address; mac addresses must begin with "~" and must use
-#			"-" as a separator.
-#
-#			Hosts may be specified as an IP address range using the
-#			syntax <low address>-<high address>. This requires that
-#			your kernel and iptables contain iprange match support.
-#			If you kernel and iptables have ipset match support
-#			then you may give the name of an ipset prefaced by "+".
-#			The ipset name may be optionally followed by a number
-#			from 1 to 6 enclosed in square brackets ([]) to
-#			indicate the number of levels of source bindings to be
-#			matched.
-#
-#			dmz:192.168.2.2		Host 192.168.2.2 in the DMZ
-#
-#			net:155.186.235.0/24	Subnet 155.186.235.0/24 on the
-#						Internet
-#
-#			loc:192.168.1.1,192.168.1.2
-#						Hosts 192.168.1.1 and
-#						192.168.1.2 in the local zone.
-#			loc:~00-A0-C9-15-39-78	Host in the local zone with
-#						MAC address 00:A0:C9:15:39:78.
-#
-#			net:192.0.2.11-192.0.2.17
-#						Hosts 192.0.2.11-192.0.2.17 in
-#						the net zone.
-#
-#			Alternatively, clients may be specified by interface
-#			by appending ":" to the zone name followed by the
-#			interface name. For example, loc:eth1 specifies a
-#			client that communicates with the firewall system
-#			through eth1. This may be optionally followed by
-#			another colon (":") and an IP/MAC/subnet address
-#			as described above (e.g., loc:eth1:192.168.1.5).
-#
-#	DEST		Location of Server. May be a zone defined in
-#			/etc/shorewall/zones, $FW to indicate the firewall
-#			itself, "all". "all+" or "none".
-#
-#			When "none" is used either in the SOURCE or DEST
-#			column, the rule is ignored.
-#
-#			When "all" is used either in the SOURCE or DEST column
-#			intra-zone traffic is not affected. When "all+" is
-#			used, intra-zone traffic is affected.
-#
-#			Except when "all[+]" is specified, the server may be
-#			further restricted to a particular subnet, host or
-#			interface by appending ":" and the subnet, host or
-#			interface. See above.
-#
-#				Restrictions:
-#
-#				1. MAC addresses are not allowed.
-#				2. In DNAT rules, only IP addresses are
-#				   allowed; no FQDNs or subnet addresses
-#				   are permitted.
-#				3. You may not specify both an interface and
-#				   an address.
-#
-#			Like in the SOURCE column, you may specify a range of
-#			up to 256 IP addresses using the syntax
-#			<first ip>-<last ip>. When the ACTION is DNAT or DNAT-,
-#			the connections will be assigned to addresses in the
-#			range in a round-robin fashion.
-#
-#			If you kernel and iptables have ipset match support
-#			then you may give the name of an ipset prefaced by "+".
-#			The ipset name may be optionally followed by a number
-#			from 1 to 6 enclosed in square brackets ([]) to
-#			indicate the number of levels of destination bindings
-#			to be matched. Only one of the SOURCE and DEST columns
-#			may specify an ipset name.
-#
-#			The port that the server is listening on may be
-#			included and separated from the server's IP address by
-#			":". If omitted, the firewall will not modifiy the
-#			destination port. A destination port may only be
-#			included if the ACTION is DNAT or REDIRECT.
-#
-#			Example: loc:192.168.1.3:3128 specifies a local
-#			server at IP address 192.168.1.3 and listening on port
-#			3128. The port number MUST be specified as an integer
-#			and not as a name from /etc/services.
-#
-#			if the ACTION is REDIRECT, this column needs only to
-#			contain the port number on the firewall that the
-#			request should be redirected to.
-#
-#	PROTO		Protocol - Must be "tcp", "tcp:syn", "udp", "icmp",
-#			"ipp2p", "ipp2p:udp", "ipp2p:all" a number, or "all".
-#                       "ipp2p*" requires ipp2p match support in your kernel
-#                       and iptables.
-#
-#			"tcp:syn" implies "tcp" plus the SYN flag must be
-#			set and the RST,ACK and FIN flags must be reset.
-#
-#	DEST PORT(S)	Destination Ports. A comma-separated list of Port
-#			names (from /etc/services), port numbers or port
-#			ranges; if the protocol is "icmp", this column is
-#			interpreted as the destination icmp-type(s).
-#
-#			If the protocol is ipp2p*, this column is interpreted
-#			as an ipp2p option without the leading "--" (example
-#			"bit" for bit-torrent). If no port is given, "ipp2p" is
-#			assumed.
-#
-#			A port range is expressed as <low port>:<high port>.
-#
-#			This column is ignored if PROTOCOL = all but must be
-#			entered if any of the following ields are supplied.
-#			In that case, it is suggested that this field contain
-#			 "-"
-#
-#			If your kernel contains multi-port match support, then
-#			only a single Netfilter rule will be generated if in
-#			this list and the CLIENT PORT(S) list below:
-#			1. There are 15 or less ports listed.
-#			2. No port ranges are included.
-#			Otherwise, a separate rule will be generated for each
-#			port.
-#
-#	SOURCE PORT(S)	(Optional) Port(s) used by the client. If omitted,
-#			any source port is acceptable. Specified as a comma-
-#			separated list of port names, port numbers or port
-#			ranges.
-#
-#			If you don't want to restrict client ports but need to
-#			specify an ORIGINAL DEST in the next column, then
-#			place "-" in this column.
-#
-#			If your kernel contains multi-port match support, then
-#			only a single Netfilter rule will be generated if in
-#			this list and the DEST PORT(S) list above:
-#			1. There are 15 or less ports listed.
-#			2. No port ranges are included.
-#			Otherwise, a separate rule will be generated for each
-#			port.
-#
-#       ORIGINAL        Original destination IP address. Must be omitted (
-#       DEST            or '-') if the macro is to be used from within
-#                       an action. See 'man shorewall-rules'.
-#
-#	RATE LIMIT	You may rate-limit the rule by placing a value in
-#			this colume:
-#
-#				<rate>/<interval>[:<burst>]
-#
-#			where <rate> is the number of connections per
-#			<interval> ("sec" or "min") and <burst> is the
-#			largest burst permitted. If no <burst> is given,
-#			a value of 5 is assumed. There may be no
-#			no whitespace embedded in the specification.
-#
-#				Example: 10/sec:20
-#
-#	USER/GROUP	This column may only be non-empty if the SOURCE is
-#			the firewall itself.
-#
-#			The column may contain:
-#
-#	[!][<user name or number>][:<group name or number>][+<program name>]
-#
-#			When this column is non-empty, the rule applies only
-#			if the program generating the output is running under
-#			the effective <user> and/or <group> specified (or is
-#			NOT running under that id if "!" is given).
-#
-#			Examples:
-#
-#				joe	#program must be run by joe
-#				:kids	#program must be run by a member of
-#					#the 'kids' group
-#				!:kids	#program must not be run by a member
-#					#of the 'kids' group
-#				+upnpd	#program named upnpd (This feature was
-#					#removed from Netfilter in kernel
-#					#version 2.6.14).
-#
-# A few examples should help show how Macros work.
-#
-# /etc/shorewall/macro.FwdFTP:
-#
-#	#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL RATE	USER/
-#	#				PORT(S)	PORT(S)	DEST	 LIMIT	GROUP
-#	DNAT	-	-	tcp	21
-#
-# /etc/shorewall/rules:
-#
-#	#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL RATE	USER/
-#	#				PORT(S)	PORT(S)	DEST	 LIMIT	GROUP
-#	FwdFTP	net	loc:192.168.1.5
-#
-# The result is equivalent to:
-#
-#	#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL RATE	USER/
-#	#				PORT(S)	PORT(S)	DEST	 LIMIT	GROUP
-#	DNAT	net	loc:192.168.1.5	tcp	21
-#
-# The substitution rules are as follows:
-#
-#	ACTION column		If in the invocation of the macro, the macro
-#				name is followed by slash ("/") and a second
-#				name, the second name is substituted for each
-#				entry in the macro whose ACTION is PARAM
-#
-#				For example, if macro FOO is invoked as
-#				FOO/ACCEPT then when expanding macro.FOO,
-#				Shorewall will substitute ACCEPT in each
-#				entry in macro.FOO whose ACTION column
-#				contains PARAM. PARAM may be optionally
-#				followed by a colon and a log level.
-#
-#				You may also follow the
-#
-#				Any logging specified when the macro is
-#				invoked is applied to each entry in the macros.
-#
-#	SOURCE and DEST		If the column in the macro is empty then the
-#	columns			value in the rules file is used. If the column
-#				in the macro is non-empty then any value in
-#				the rules file is appended with a ":"
-#				separator.
-#
-#	Example:		###############################################
-#				#ACTION	 SOURCE	DEST		PROTO	DEST
-#				#					PORT(S)
-#		macro.FTP File	PARAM	 net	loc		tcp	21
-#		rules File	FTP/DNAT -	192.168.1.5
-#		Result		DNAT	 net	loc:192.168.1.5	tcp	21
-#
-#	Remaining		Any value in the rules file REPLACES the value
-#	columns			given in the macro file.
-#
-#######################################################################################################
-#                                         DO NOT REMOVE THE FOLLOWING LINE
-FORMAT 2
-#######################################################################################################
-#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/	ORIGINAL
-#						PORT(S)	PORT(S)	DEST		LIMIT	GROUP   DEST
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@ -66,7 +66,7 @@ SUBSYSLOCK=/var/lock/subsys/shorewall

 MODULESDIR=

-CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6
+CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6:/usr/share/shorewall

 RESTOREFILE=