Some updates to macros for clarity and consistency

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3365 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/macro.Amanda

@@ -3,10 +3,19 @@
 #
 # /usr/share/shorewall/macro.Amanda
 #
-#	This macro handles connections to the AMANDA backup system.
+#	This macro handles connections required by the AMANDA backup
+#	system to back up remote nodes.  It does not provide the ability
+#	to restore files from those nodes.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
 PARAM	-	-	udp	10080
+#
+# You may also need this rule.  With AMANDA 2.4.4 on Linux kernel 2.6,
+# it should not be necessary to use this.  The ip_conntrack_amanda
+# kernel module should be loaded (via /etc/shorewall/modules) on all
+# systems which need to pass AMANDA traffic through netfilter.
+#PARAM	-	-	tcp	50000:50100
+#
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.BitTorrent

@@ -9,4 +9,8 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
+#
+# It may also be necessary to allow UDP traffic:
+#PARAM	-	-	udp	6881
+#
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.Gnutella

@@ -3,7 +3,7 @@
 #
 # /usr/share/shorewall/macro.Gnutella
 #
-#	This macro handles gnutella traffic.
+#	This macro handles Gnutella traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/

Shorewall/macro.ICQ

@@ -3,7 +3,8 @@
 #
 # /usr/share/shorewall/macro.ICQ
 #
-#	This macro handles ICQ traffic.
+#	This macro handles ICQ, now called AOL Instant Messenger (or
+#	AIM), traffic.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/

Shorewall/macro.LDAP

@@ -8,6 +8,6 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	389
-PARAM	-	-	tcp	636
+PARAM	-	-	tcp	389	# plaintext
+PARAM	-	-	tcp	636	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.MySQL

@@ -3,10 +3,10 @@
 #
 # /usr/share/shorewall/macro.MySQL
 #
-#	This action macro.handles connections to the MySQL server.
+#	This action macro handles connections to the MySQL server.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	3.26
+PARAM	-	-	tcp	3306
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.NNTP

@@ -8,6 +8,6 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	119
-PARAM	-	-	tcp	563
+PARAM	-	-	tcp	119	# plaintext
+PARAM	-	-	tcp	563	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.Rdate

@@ -4,6 +4,8 @@
 # /usr/share/shorewall/macro.Rdate
 #
 #	This macro handles remote time retrieval (rdate).
+#	Unless you are supporting extremely old hardware or software,
+#	you shouldn't be using this.  NTP is a superior alternative.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/

Shorewall/macro.SMB

@@ -3,8 +3,11 @@
 #
 # /usr/share/shorewall/macro.SMB
 #
-#	This macro handles Microsoft SMB traffic. You need to invoke this macro
-#	in both directions.
+#	This macro handles Microsoft SMB traffic. You need to invoke
+#	this macro in both directions.  Beware!  This rule opens a lot
+#	of ports, and could possibly be used to compromise your firewall
+#	if not used with care.  You should only allow SMB traffic
+#	between hosts you fully trust.
 #
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/

Shorewall/macro.SMTP

@@ -13,5 +13,6 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	25
+PARAM	-	-	tcp	25	# plaintext
+PARAM	-	-	tcp	465	# over SSL
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/macro.Web

@@ -8,6 +8,6 @@
 ###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
 #				PORT	PORT(S)	DEST		LIMIT	GROUP
-PARAM	-	-	tcp	80
-PARAM	-	-	tcp	443
+PARAM	-	-	tcp	80	# HTTP (plaintext)
+PARAM	-	-	tcp	443	# HTTPS (over SSL)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE