diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index b1ca8ded3..101d63f77 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -343,9 +343,6 @@ sub process_default_action( $$$$ ) {
$level eq 'none' ? normalize_action_name $def :
normalize_action( $def, $level, '' );
use_policy_action( $default );
- } elsif ( find_macro( $def )) {
- $default = join( '.', 'macro', $def ) unless $default =~ /^macro./;
- $default = "$def($param)" if supplied $param;
} elsif ( ( $targets{$def} || 0 ) == INLINE ) {
$default = $def;
$default = "$def($param)" if supplied $param;
@@ -582,7 +579,6 @@ sub process_policies()
#
# Policy Rule application
#
-sub process_macro ($$$$$$$$$$$$$$$$$$$);
sub process_inline ($$$$$$$$$$$$$$$$$$$);
sub policy_rules( $$$$$ ) {
@@ -592,66 +588,39 @@ sub policy_rules( $$$$$ ) {
add_ijump $chainref, j => 'RETURN', d => '224.0.0.0/4' if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
if ( $default && $default ne 'none' ) {
- if ( $default =~ s/^macro\.// ) {
- #
- # Default action is a macro -- expand it in-line
- #
- my ( $macro ) = split ':', $default;
+ my ( $inline ) = split ':', $default;
- ( $macro, my $param ) = get_target_param( $macro );
+ ( $inline, my $param ) = get_target_param( $inline );
- process_macro( $macro, #Macro
- $chainref, #Chain
- $default, #Target
- $param || '', #Param
- '-', #Source
- '-', #Dest
- '-', #Proto
- '-', #Ports
- '-', #Sports
- '-', #Original Dest
- '-', #Rate
- '-', #User
- '-', #Mark
- '-', #ConnLimit
- '-', #Time
- '-', #Headers
- '-', #Condition
- '-', #Helper
- 0, #Wildcard
- );
+ if ( $targets{$inline} == INLINE ) {
+ #
+ # Default action is an inline
+ #
+ process_inline( $inline, #Inline
+ $chainref, #Chain
+ $default, #Target
+ $param || '', #Param
+ '-', #Source
+ '-', #Dest
+ '-', #Proto
+ '-', #Ports
+ '-', #Sports
+ '-', #Original Dest
+ '-', #Rate
+ '-', #User
+ '-', #Mark
+ '-', #ConnLimit
+ '-', #Time
+ '-', #Headers
+ '-', #Condition
+ '-', #Helper
+ 0, #Wildcard
+ );
} else {
- my ( $inline ) = split ':', $default;
-
- ( $inline, my $param ) = get_target_param( $inline );
-
- if ( $targets{$inline} == INLINE ) {
- process_inline( $inline, #Inline
- $chainref, #Chain
- $default, #Target
- $param || '', #Param
- '-', #Source
- '-', #Dest
- '-', #Proto
- '-', #Ports
- '-', #Sports
- '-', #Original Dest
- '-', #Rate
- '-', #User
- '-', #Mark
- '-', #ConnLimit
- '-', #Time
- '-', #Headers
- '-', #Condition
- '-', #Helper
- 0, #Wildcard
- );
- } else {
- #
- # Default action is an action -- jump to the action chain
- #
- add_ijump $chainref, j => $default;
- }
+ #
+ # Default action is a regular action -- jump to the action chain
+ #
+ add_ijump $chainref, j => $default;
}
}
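Review bot: The test `$targets{$inline} == INLINE` in policy_rules has no undef guard, unlike the equivalent test in process_default_action in the first hunk, which is written `( $targets{$def} || 0 ) == INLINE`. With the `macro.` prefix handling removed, a default-action name that has no entry in %targets (for example a leftover `macro.Name` setting) would be compared as undef and, assuming INLINE is non-zero, reach `add_ijump $chainref, j => $default`, a jump to a chain that may not exist. Whether process_default_action rejects such names earlier is not visible in this diff. I would write the test as `if ( ( $targets{$inline} || 0 ) == INLINE ) {` for consistency, and have the else branch fail the compile explicitly when the name is not a known action, so that a stale macro default cannot silently change what the policy chain does. policy_rules begins and ends outside this hunk.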
@@ -1667,10 +1636,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
macro_comment $macro;
- my $oldparms = push_action_params( $chainref, $param );
-
- ( $param ) = get_action_params( 1 );
-
my $macrofile = $macros{$macro};
progress_message "..Expanding Macro $macrofile...";
@@ -1790,8 +1755,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
progress_message "..End Macro $macrofile";
- pop_action_params( $oldparms );
-
clear_comment unless $nocomment;
return $generated;
diff --git a/Shorewall/manpages/shorewall-policy.xml b/Shorewall/manpages/shorewall-policy.xml
index 0904c98b8..e22f19266 100644
--- a/Shorewall/manpages/shorewall-policy.xml
+++ b/Shorewall/manpages/shorewall-policy.xml
@@ -112,23 +112,14 @@
The name of an action. The action will be invoked before
the policy is enforced.
-
-
- The name of a macro (Shorewall 4.5.10 or later). The rules
- in that macro will be applied before the policy is enforced. If
- you wish to use a macro with the same name as an existing
- action, you may specify the name of the macro file (e.g.,
- macro.macro-name).
-
- Both actions and macros can have parameters specified.
+ Actions can have parameters specified.
- Beginning with Shorewall 4.5.10, the macro or action name can
- be followed optionally by a colon and a log level. The level will be
- applied to each rule in the action or macro body that does not
- already have a log level.
+ Beginning with Shorewall 4.5.10, the action name can be
+ followed optionally by a colon and a log level. The level will be
+ applied to each rule in the action or body that does not already
+ have a log level.Possible actions are:
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 5a6f1e113..9b9eb50b0 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -152,19 +152,6 @@
The value applied to these may be:
-
- a) The name of an action. The
- name may optionally be followed by a comma-separated list of
- parameters enclosed in parentheses if the specified action accepts
- parameters (e.g., 'Drop(audit)').
-
- b) The name of a macro
- (Shorewall 4.5.10 and Later)
-
- c) None or none
-
-
The default values are:
@@ -184,20 +171,14 @@
specified in shorewall-policy(5).
- Beginning with Shorewall 4.5.10,
- action may name a macro. If you wish to
- use a macro with the same name as an existing action, you may
- specify the name of the macro file (e.g., macro.macro-name).
-
You can pass parameters to the
- specified action or macro (e.g.,
+ specified action (e.g.,
myaction(audit,DROP)).
- Beginning with Shorewall 4.5.10, the macro or action name can
- be followed optionally by a colon and a log
+ Beginning with Shorewall 4.5.10, the action name can be
+ followed optionally by a colon and a log
level. The level will be applied to each
- rule in the action or macro body that does not already have a log
+ rule in the action or body that does not already have a log
level.
diff --git a/Shorewall6/manpages/shorewall6-policy.xml b/Shorewall6/manpages/shorewall6-policy.xml
index 2ed83324e..115dd6324 100644
--- a/Shorewall6/manpages/shorewall6-policy.xml
+++ b/Shorewall6/manpages/shorewall6-policy.xml
@@ -97,36 +97,29 @@
Policy if no match from the rules file is found.
- If the policy is other than CONTINUE or NONE then the policy
- may be followed by ":" and one of the following:
+ If the policy is neither CONTINUE nor NONE then the policy may
+ be followed by ":" and one of the following:The word "None" or "none". This causes any default action
defined in shorewall6.conf(5) to be
+ url="shorewall.conf.html">shorewall.conf(5) to be
omitted for this policy.
- The name of an action. That action will be invoked before
+ The name of an action. The action will be invoked before
the policy is enforced.
-
-
- The name of a macro (Shorewall 4.5.10 or later). The rules
- in that macro will be applied before the policy is enforced. If
- you wish to use a macro with the same name as an existing
- action, you may specify the name of the macro file (e.g.,
- macro.macro-name).
-
- Beginning with Shorewall 4.5.10, the macro or action name can
- be followed optionally by a colon and a log level. The level will be
- applied to each rule in the action or macro body that does not
- already have a log level.
+ Actions can have parameters specified.
+
+ Beginning with Shorewall 4.5.10, the action name can be
+ followed optionally by a colon and a log level. The level will be
+ applied to each rule in the action or body that does not already
+ have a log level.Possible actions are:
diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml
index 9cb8ece89..373d628fb 100644
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -136,9 +136,6 @@
parameters enclosed in parentheses if the specified action accepts
parameters (e.g., 'Drop(audit)').
- b) The name of a macro
- (Shorewall 4.5.10 and Laater)
-
c) None or none
@@ -162,18 +159,12 @@
specified in shorewall6-policy(5).
- Beginning with Shorewall 4.5.10,
- action may name a macro. If you wish to
- use a macro with the same name as an existing action, you may
- specify the name of the macro file here (e.g., macro.macro-name).
-
You can pass parameters to the
specified action or macro (e.g.,
myaction(audit,DROP)).
- Beginning with Shorewall 4.5.10, the macro or action name can
- be followed optionally by a colon and a log
+ Beginning with Shorewall 4.5.10, the action name can be
+ followed optionally by a colon and a log
level. The level will be applied to each
rule in the action or macro body that does not already have a log
level.
diff --git a/docs/Actions.xml b/docs/Actions.xml
index db50e88cc..2fdb9aae3 100644
--- a/docs/Actions.xml
+++ b/docs/Actions.xml
@@ -28,6 +28,8 @@
2010
+ 2012
+
Thomas M. Eastep
@@ -316,6 +318,12 @@ ACCEPT - - tcp 135,139,445
action begins with a capital letter; that way, the name won't conflict
with a Shorewall-defined chain name.
+ Normally. the rules in an action are placed in a separate chain.
+ Beginning with Shorewall 4.5.10, the action rules can be expanded
+ inline in a manner similar to a macro by specifying
+ in the OPTIONS column of
+ /etc/shorewall/actions.
+
Shorewall includes pre-defined actions for DROP and REJECT --
see above.
diff --git a/docs/Macros.xml b/docs/Macros.xml
index 597b955b3..2752fee72 100644
--- a/docs/Macros.xml
+++ b/docs/Macros.xml
@@ -297,15 +297,12 @@ ACCEPT fw loc tcp 135,139,445
the value of the first parameter, $2 expands to the value of the second
and so on.
- You can specify default values for parameters using a DEFAULT or
- DEFAULTS line.
+ You can specify default values for PARAM
- DEFAULTS def1,def2,...
+ DEFAULT def
- where def1 is the default value for the
- first parameter, def2 is the default value
- for the second parameter and so on. You can specify an empty default
- using '-' (e.g. DEFAULTS DROP,-,audit).
+ where def is the default value for
+ PARAM