From dbd55acba21cc492f33295c2aea6644a02a5f40b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 21 Dec 2012 15:51:14 -0800 Subject: [PATCH] Update samples, standard Actions and Macros to use ?FORMAT --- Shorewall/Macros/macro.Amanda | 2 +- Shorewall/Macros/macro.FTP | 2 +- Shorewall/Macros/macro.IRC | 2 +- Shorewall/Macros/macro.PPtP | 2 +- Shorewall/Macros/macro.Rfc1918 | 2 +- Shorewall/Macros/macro.SANE | 2 +- Shorewall/Macros/macro.SIP | 2 +- Shorewall/Macros/macro.SMB | 2 +- Shorewall/Macros/macro.SMBBI | 2 +- Shorewall/Macros/macro.SNMP | 2 +- Shorewall/Macros/macro.SNMPTrap | 2 +- Shorewall/Macros/macro.TFTP | 2 +- Shorewall/Macros/macro.template | 2 +- Shorewall/Samples/Universal/interfaces | 2 +- Shorewall/Samples/one-interface/interfaces | 2 +- Shorewall/Samples/three-interfaces/interfaces | 2 +- Shorewall/Samples/two-interfaces/interfaces | 2 +- Shorewall/action.Broadcast | 2 +- Shorewall/action.Drop | 2 +- Shorewall/action.DropSmurfs | 2 +- Shorewall/action.Invalid | 2 +- Shorewall/action.NotSyn | 2 +- Shorewall/action.RST | 2 +- Shorewall/action.Reject | 2 +- Shorewall/action.TCPFlags | 2 +- Shorewall/action.template | 2 +- Shorewall/configfiles/conntrack | 2 +- Shorewall/configfiles/interfaces | 2 +- Shorewall/configfiles/tcrules | 2 +- Shorewall6/Samples6/Universal/interfaces | 2 +- Shorewall6/Samples6/one-interface/interfaces | 2 +- Shorewall6/Samples6/three-interfaces/interfaces | 2 +- Shorewall6/Samples6/two-interfaces/interfaces | 2 +- Shorewall6/action.AllowICMPs | 2 +- Shorewall6/action.Broadcast | 2 +- Shorewall6/action.Drop | 2 +- Shorewall6/action.Reject | 2 +- Shorewall6/action.template | 2 +- Shorewall6/configfiles/conntrack | 2 +- Shorewall6/configfiles/interfaces | 2 +- Shorewall6/configfiles/tcrules | 2 +- 41 files changed, 41 insertions(+), 41 deletions(-) diff --git a/Shorewall/Macros/macro.Amanda b/Shorewall/Macros/macro.Amanda index bf45c2d69..d34f8eea8 100644 --- a/Shorewall/Macros/macro.Amanda +++ b/Shorewall/Macros/macro.Amanda @@ -8,7 +8,7 @@ # files from those nodes. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.FTP b/Shorewall/Macros/macro.FTP index 038857a53..68cd46bc8 100644 --- a/Shorewall/Macros/macro.FTP +++ b/Shorewall/Macros/macro.FTP @@ -6,7 +6,7 @@ # This macro handles FTP traffic. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER ) diff --git a/Shorewall/Macros/macro.IRC b/Shorewall/Macros/macro.IRC index 020bee064..e0d6973db 100644 --- a/Shorewall/Macros/macro.IRC +++ b/Shorewall/Macros/macro.IRC @@ -6,7 +6,7 @@ # This macro handles IRC traffic (Internet Relay Chat). # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.PPtP b/Shorewall/Macros/macro.PPtP index c126707b6..b4ba427e8 100644 --- a/Shorewall/Macros/macro.PPtP +++ b/Shorewall/Macros/macro.PPtP @@ -6,7 +6,7 @@ # This macro handles PPTP traffic. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - 47 diff --git a/Shorewall/Macros/macro.Rfc1918 b/Shorewall/Macros/macro.Rfc1918 index e07e5aa54..3dca82b2b 100644 --- a/Shorewall/Macros/macro.Rfc1918 +++ b/Shorewall/Macros/macro.Rfc1918 @@ -7,7 +7,7 @@ ############################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT(S) PORT(S) DEST LIMIT GROUP -FORMAT 2 +?FORMAT 2 PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \ DEST - - - - - - PARAM SOURCE DEST - - - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 diff --git a/Shorewall/Macros/macro.SANE b/Shorewall/Macros/macro.SANE index 40721e64d..7bed29b98 100644 --- a/Shorewall/Macros/macro.SANE +++ b/Shorewall/Macros/macro.SANE @@ -6,7 +6,7 @@ # This macro handles SANE network scanning. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.SIP b/Shorewall/Macros/macro.SIP index 015d8b688..a1c02c5c0 100644 --- a/Shorewall/Macros/macro.SIP +++ b/Shorewall/Macros/macro.SIP @@ -6,7 +6,7 @@ # This macro handles SIP traffic. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.SMB b/Shorewall/Macros/macro.SMB index 20208fdf3..d6bc3c659 100644 --- a/Shorewall/Macros/macro.SMB +++ b/Shorewall/Macros/macro.SMB @@ -10,7 +10,7 @@ # between hosts you fully trust. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 135,445 diff --git a/Shorewall/Macros/macro.SMBBI b/Shorewall/Macros/macro.SMBBI index 08311d3fe..4e1865a95 100644 --- a/Shorewall/Macros/macro.SMBBI +++ b/Shorewall/Macros/macro.SMBBI @@ -10,7 +10,7 @@ # allow SMB traffic between hosts you fully trust. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 135,445 diff --git a/Shorewall/Macros/macro.SNMP b/Shorewall/Macros/macro.SNMP index 9d35df9e5..3811cb91e 100644 --- a/Shorewall/Macros/macro.SNMP +++ b/Shorewall/Macros/macro.SNMP @@ -8,7 +8,7 @@ # Note: To allow SNMP Traps, use the SNMPTrap macro # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.SNMPTrap b/Shorewall/Macros/macro.SNMPTrap index cefc1efc0..9bf5b23f9 100644 --- a/Shorewall/Macros/macro.SNMPTrap +++ b/Shorewall/Macros/macro.SNMPTrap @@ -6,7 +6,7 @@ # This macro handles SNMP traps. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 162 diff --git a/Shorewall/Macros/macro.TFTP b/Shorewall/Macros/macro.TFTP index 8e7ccb4f3..87c57ea65 100644 --- a/Shorewall/Macros/macro.TFTP +++ b/Shorewall/Macros/macro.TFTP @@ -8,7 +8,7 @@ # Internet. # ############################################################################### -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP diff --git a/Shorewall/Macros/macro.template b/Shorewall/Macros/macro.template index c2f87aab9..9e2ec2199 100644 --- a/Shorewall/Macros/macro.template +++ b/Shorewall/Macros/macro.template @@ -81,7 +81,7 @@ # ####################################################################################################### # DO NOT REMOVE THE FOLLOWING LINE -FORMAT 2 +?FORMAT 2 ################################################################################################################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP diff --git a/Shorewall/Samples/Universal/interfaces b/Shorewall/Samples/Universal/interfaces index 95bb70e92..3c732c82f 100644 --- a/Shorewall/Samples/Universal/interfaces +++ b/Shorewall/Samples/Universal/interfaces @@ -7,7 +7,7 @@ # http://www.shorewall.net/manpages/shorewall-interfaces.html # ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS - lo ignore diff --git a/Shorewall/Samples/one-interface/interfaces b/Shorewall/Samples/one-interface/interfaces index 789388943..fd4b0a7ff 100644 --- a/Shorewall/Samples/one-interface/interfaces +++ b/Shorewall/Samples/one-interface/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0 diff --git a/Shorewall/Samples/three-interfaces/interfaces b/Shorewall/Samples/three-interfaces/interfaces index fa9c35a59..d85050598 100644 --- a/Shorewall/Samples/three-interfaces/interfaces +++ b/Shorewall/Samples/three-interfaces/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0 diff --git a/Shorewall/Samples/two-interfaces/interfaces b/Shorewall/Samples/two-interfaces/interfaces index 6df4ab365..e3aaca1f8 100644 --- a/Shorewall/Samples/two-interfaces/interfaces +++ b/Shorewall/Samples/two-interfaces/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0 diff --git a/Shorewall/action.Broadcast b/Shorewall/action.Broadcast index 694b503cf..80f9737ef 100644 --- a/Shorewall/action.Broadcast +++ b/Shorewall/action.Broadcast @@ -27,7 +27,7 @@ # Default action is DROP # ########################################################################################## -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall/action.Drop b/Shorewall/action.Drop index 2842cd238..30d2874cd 100644 --- a/Shorewall/action.Drop +++ b/Shorewall/action.Drop @@ -31,7 +31,7 @@ # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # ############################################################################### -FORMAT 2 +?FORMAT 2 # # The following magic provides different defaults for @2 thru @5, when @1 is # 'audit'. diff --git a/Shorewall/action.DropSmurfs b/Shorewall/action.DropSmurfs index 4f76bae1e..246927d94 100644 --- a/Shorewall/action.DropSmurfs +++ b/Shorewall/action.DropSmurfs @@ -9,7 +9,7 @@ # audit = Audit dropped packets. # ################################################################################# -FORMAT 2 +?FORMAT 2 DEFAULTS - diff --git a/Shorewall/action.Invalid b/Shorewall/action.Invalid index 023197e25..edf6bbf8f 100644 --- a/Shorewall/action.Invalid +++ b/Shorewall/action.Invalid @@ -27,7 +27,7 @@ # Default action is DROP # ########################################################################################## -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn index 63566b106..448f6bbd0 100644 --- a/Shorewall/action.NotSyn +++ b/Shorewall/action.NotSyn @@ -27,7 +27,7 @@ # Default action is DROP # ########################################################################################## -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall/action.RST b/Shorewall/action.RST index 0f7641ee6..aab2535ff 100644 --- a/Shorewall/action.RST +++ b/Shorewall/action.RST @@ -27,7 +27,7 @@ # Default action is DROP # ########################################################################################## -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall/action.Reject b/Shorewall/action.Reject index 6adb34ca0..d3c7dcc9a 100644 --- a/Shorewall/action.Reject +++ b/Shorewall/action.Reject @@ -27,7 +27,7 @@ # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! ############################################################################### -FORMAT 2 +?FORMAT 2 # # The following magic provides different defaults for @2 thru @5, when @1 is # 'audit'. diff --git a/Shorewall/action.TCPFlags b/Shorewall/action.TCPFlags index 82b17e5eb..8e302c269 100644 --- a/Shorewall/action.TCPFlags +++ b/Shorewall/action.TCPFlags @@ -9,7 +9,7 @@ # audit = Audit dropped packets. # ################################################################################# -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall/action.template b/Shorewall/action.template index cfb5dba0e..2153f9b33 100644 --- a/Shorewall/action.template +++ b/Shorewall/action.template @@ -20,7 +20,7 @@ # ####################################################################################################### # DO NOT REMOVE THE FOLLOWING LINE -FORMAT 2 +?FORMAT 2 ################################################################################################################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP diff --git a/Shorewall/configfiles/conntrack b/Shorewall/configfiles/conntrack index 4cc8b446b..963696e1c 100644 --- a/Shorewall/configfiles/conntrack +++ b/Shorewall/configfiles/conntrack @@ -4,7 +4,7 @@ # For information about entries in this file, type "man shorewall-conntrack" # ############################################################################################################## -FORMAT 3 +?FORMAT 3 #ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH # PORT(S) PORT(S) GROUP ?if $AUTOHELPERS && __CT_TARGET diff --git a/Shorewall/configfiles/interfaces b/Shorewall/configfiles/interfaces index 4eb576b1c..7520c4f19 100644 --- a/Shorewall/configfiles/interfaces +++ b/Shorewall/configfiles/interfaces @@ -7,6 +7,6 @@ # http://www.shorewall.net/manpages/shorewall-interfaces.html # ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS diff --git a/Shorewall/configfiles/tcrules b/Shorewall/configfiles/tcrules index 43f6172fb..4a74117c6 100644 --- a/Shorewall/configfiles/tcrules +++ b/Shorewall/configfiles/tcrules @@ -10,7 +10,7 @@ # See http://shorewall.net/PacketMarking.html for a detailed description of # the Netfilter/Shorewall packet marking mechanism. ########################################################################################################################################## -FORMAT 2 +?FORMAT 2 ########################################################################################################################################## #ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP # PORT(S) PORT(S) diff --git a/Shorewall6/Samples6/Universal/interfaces b/Shorewall6/Samples6/Universal/interfaces index b86de5541..61dc51746 100644 --- a/Shorewall6/Samples6/Universal/interfaces +++ b/Shorewall6/Samples6/Universal/interfaces @@ -7,7 +7,7 @@ # http://www.shorewall.net/manpages/shorewall-interfaces.html # ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS - lo ignore diff --git a/Shorewall6/Samples6/one-interface/interfaces b/Shorewall6/Samples6/one-interface/interfaces index ba3f5827c..f5b17a544 100644 --- a/Shorewall6/Samples6/one-interface/interfaces +++ b/Shorewall6/Samples6/one-interface/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall6-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 tcpflags diff --git a/Shorewall6/Samples6/three-interfaces/interfaces b/Shorewall6/Samples6/three-interfaces/interfaces index a3499651d..32e6ee9da 100644 --- a/Shorewall6/Samples6/three-interfaces/interfaces +++ b/Shorewall6/Samples6/three-interfaces/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall6-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 tcpflags,forward=1,sourceroute=0 diff --git a/Shorewall6/Samples6/two-interfaces/interfaces b/Shorewall6/Samples6/two-interfaces/interfaces index c15c0a4ee..37ccea31b 100644 --- a/Shorewall6/Samples6/two-interfaces/interfaces +++ b/Shorewall6/Samples6/two-interfaces/interfaces @@ -11,7 +11,7 @@ #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall6-interfaces" ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS net eth0 tcpflags,forward=1,sourceroute=0 diff --git a/Shorewall6/action.AllowICMPs b/Shorewall6/action.AllowICMPs index 78349ec58..f0fb02b23 100644 --- a/Shorewall6/action.AllowICMPs +++ b/Shorewall6/action.AllowICMPs @@ -9,7 +9,7 @@ #TARGET SOURCE DEST PROTO DEST # PORT(S) -FORMAT 2 +?FORMAT 2 DEFAULTS ACCEPT COMMENT Needed ICMP types (RFC4890) diff --git a/Shorewall6/action.Broadcast b/Shorewall6/action.Broadcast index bc46a542e..dc96006de 100644 --- a/Shorewall6/action.Broadcast +++ b/Shorewall6/action.Broadcast @@ -27,7 +27,7 @@ # Default action is DROP # ########################################################################################## -FORMAT 2 +?FORMAT 2 DEFAULTS DROP,- diff --git a/Shorewall6/action.Drop b/Shorewall6/action.Drop index 348f3f904..3bce62ac5 100644 --- a/Shorewall6/action.Drop +++ b/Shorewall6/action.Drop @@ -31,7 +31,7 @@ # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! # ############################################################################### -FORMAT 2 +?FORMAT 2 # # The following magic provides different defaults for $2 thru $5, when $1 is # 'audit'. diff --git a/Shorewall6/action.Reject b/Shorewall6/action.Reject index 70cc04294..66a73860d 100644 --- a/Shorewall6/action.Reject +++ b/Shorewall6/action.Reject @@ -27,7 +27,7 @@ # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! ############################################################################### -FORMAT 2 +?FORMAT 2 # # The following magic provides different defaults for $2 thru $5, when $1 is # 'audit'. diff --git a/Shorewall6/action.template b/Shorewall6/action.template index 508839ca3..8f611bd7c 100644 --- a/Shorewall6/action.template +++ b/Shorewall6/action.template @@ -20,7 +20,7 @@ # ####################################################################################################### # DO NOT REMOVE THE FOLLOWING LINE -FORMAT 2 +?FORMAT 2 ##################################################################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP diff --git a/Shorewall6/configfiles/conntrack b/Shorewall6/configfiles/conntrack index 84ae98e23..3a725e12e 100644 --- a/Shorewall6/configfiles/conntrack +++ b/Shorewall6/configfiles/conntrack @@ -4,7 +4,7 @@ # For information about entries in this file, type "man shorewal6-conntrack" # ############################################################################################################## -FORMAT 2 +?FORMAT 2 #ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH # PORT(S) PORT(S) GROUP ?if __CT_TARGET diff --git a/Shorewall6/configfiles/interfaces b/Shorewall6/configfiles/interfaces index 944bd9454..6d2f918ae 100644 --- a/Shorewall6/configfiles/interfaces +++ b/Shorewall6/configfiles/interfaces @@ -7,6 +7,6 @@ # http://www.shorewall.net/manpages6/shorewall6-interfaces.html # ############################################################################### -FORMAT 2 +?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS diff --git a/Shorewall6/configfiles/tcrules b/Shorewall6/configfiles/tcrules index 6e4399982..9e4a1b499 100644 --- a/Shorewall6/configfiles/tcrules +++ b/Shorewall6/configfiles/tcrules @@ -10,7 +10,7 @@ # See http://shorewall.net/PacketMarking.html for a detailed description of # the Netfilter/Shorewall packet marking mechanism. ################################################################################################################################################### -FORMAT 2 +?FORMAT 2 ################################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP # PORT(S) PORT(S)