From 724115bcbfee446c4d9e969b88f50e93bca2056a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 15 Jan 2013 13:21:37 -0800
Subject: [PATCH 1/2] Add macro.ActiveDir

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Macros/macro.ActiveDir | 40 ++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 Shorewall/Macros/macro.ActiveDir

diff --git a/Shorewall/Macros/macro.ActiveDir b/Shorewall/Macros/macro.ActiveDir
new file mode 100644
index 000000000..625c44e70
--- /dev/null
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -0,0 +1,40 @@
+#
+# Shorewall version 4 - Samba 4 Macro
+#
+# /usr/share/shorewall/macro.ActiveDir
+#
+#       This macro handles ports for Samba 4 Active Directory Service
+#
+# You can comment out the ports you do not want open
+#
+# 
+###############################################################################
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                               PORT(S) PORT(S) LIMIT   GROUP
+PARAM   -       -       tcp     389 	#LDAP services
+PARAM   -       -       udp	389  
+PARAM   -       -       tcp     636	#LDAP SSL
+PARAM   -       -       tcp     3268	#LDAP GC
+PARAM   -       -       tcp     3269	#LDAP GC SSL
+PARAM   -       -       tcp     88	#Kerberos
+PARAM   -       -       udp	88
+
+# Use macro.DNS for DNS sevice
+
+PARAM   -       -       tcp     445	#Replication, User and Computer Authentication, Group Policy, Trusts
+PARAM   -       -       udp	445
+
+# Use macro.SMTP for Mail service
+
+PARAM   -       -       tcp     135	#RPC, EPM
+PARAM   -       -       tcp     5722	#RPC, DFSR (SYSVOL)
+PARAM   -       -       udp	123	#Windows Time
+PARAM   -       -       tcp     464	#Kerberosb change/set password
+PARAM   -       -       udp	464
+PARAM   -       -       udp	138	#DFS, Group Policy
+PARAM   -       -       tcp     9389	#SOAP
+PARAM   -       -       tcp     2535	#MADCAP
+PARAM   -       -       udp	2535
+PARAM   -       -       udp     137	#NetLogon, NetBIOS Name Resolution
+PARAM   -       -       tcp	139	#DFSN, NetBIOS Session Service, NetLogon    
+  

From 066c159b4d33f184ad973d28918b9d23ef56130d Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 17 Jan 2013 10:21:08 -0800
Subject: [PATCH 2/2] Provide instructions for changing DISABLE_IPV6 from Yes
 to No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/manpages/shorewall.conf.xml | 28 +++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 9cbea2963..1fd5bd29a 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -607,6 +607,34 @@
           Shorewall will take no action with respect to allowing or
           disallowing IPv6 traffic. If not specified or empty,
           “DISABLE_IPV6=No” is assumed.</para>
+
+          <important>
+            <para>After changing the setting from <option>Yes</option> to
+            <option>No</option>, you must execute the following
+            commands:</para>
+
+            <itemizedlist>
+              <listitem>
+                <para><command>shorewall restart</command></para>
+              </listitem>
+
+              <listitem>
+                <para><command>ip6tables -F</command></para>
+              </listitem>
+
+              <listitem>
+                <para><command>ip6tables -P INPUT ACCEPT</command></para>
+              </listitem>
+
+              <listitem>
+                <para><command>ip6tables -P OUTPUT ACCEPT</command></para>
+              </listitem>
+
+              <listitem>
+                <para><command>ip6tables -P FORWARD ACCEPT</command></para>
+              </listitem>
+            </itemizedlist>
+          </important>
         </listitem>
       </varlistentry>