From f717d097d71e165452edf9093a14862c3ca2702f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 7 May 2014 12:19:24 -0700 Subject: [PATCH] Apply Tuomo Soini's Macro format patch 
Signed-off-by: Tom Eastep --- Shorewall/Macros/macro.A_AllowICMPs | 8 +++--- Shorewall/Macros/macro.A_DropDNSrep | 8 +++--- Shorewall/Macros/macro.A_DropUPnP | 8 +++--- Shorewall/Macros/macro.AllowICMPs | 6 +++-- Shorewall/Macros/macro.Amanda | 5 ++-- Shorewall/Macros/macro.Auth | 6 +++-- Shorewall/Macros/macro.BGP | 6 +++-- Shorewall/Macros/macro.BLACKLIST | 6 +++-- Shorewall/Macros/macro.BitTorrent | 7 +++-- Shorewall/Macros/macro.BitTorrent32 | 6 +++-- Shorewall/Macros/macro.CVS | 6 +++-- Shorewall/Macros/macro.Citrix | 8 +++--- Shorewall/Macros/macro.DAAP | 6 +++-- Shorewall/Macros/macro.DCC | 6 +++-- Shorewall/Macros/macro.DHCPfwd | 6 +++-- Shorewall/Macros/macro.DNS | 6 +++-- Shorewall/Macros/macro.Distcc | 6 +++-- Shorewall/Macros/macro.Drop | 10 ++++--- Shorewall/Macros/macro.DropDNSrep | 6 +++-- Shorewall/Macros/macro.DropUPnP | 6 +++-- Shorewall/Macros/macro.Edonkey | 6 +++-- Shorewall/Macros/macro.FTP | 5 ++-- Shorewall/Macros/macro.Finger | 6 +++-- Shorewall/Macros/macro.GNUnet | 6 +++-- Shorewall/Macros/macro.GRE | 6 +++-- Shorewall/Macros/macro.Git | 6 +++-- Shorewall/Macros/macro.Gnutella | 6 +++-- Shorewall/Macros/macro.HKP | 6 +++-- Shorewall/Macros/macro.HTTP | 6 +++-- Shorewall/Macros/macro.HTTPS | 6 +++-- Shorewall/Macros/macro.ICPV2 | 6 +++-- Shorewall/Macros/macro.ICQ | 6 +++-- Shorewall/Macros/macro.IMAP | 6 +++-- Shorewall/Macros/macro.IMAPS | 6 +++-- Shorewall/Macros/macro.IPIP | 6 +++-- Shorewall/Macros/macro.IPP | 6 +++-- Shorewall/Macros/macro.IPPbrd | 7 +++-- Shorewall/Macros/macro.IPPserver | 6 +++-- Shorewall/Macros/macro.IPsec | 6 +++-- Shorewall/Macros/macro.IPsecah | 6 +++-- Shorewall/Macros/macro.IPsecnat | 6 +++-- Shorewall/Macros/macro.IRC | 5 ++-- Shorewall/Macros/macro.JAP | 6 +++-- Shorewall/Macros/macro.JabberPlain | 6 +++-- Shorewall/Macros/macro.JabberSecure | 6 +++-- Shorewall/Macros/macro.Jabberd | 6 +++-- Shorewall/Macros/macro.Jetdirect | 6 +++-- Shorewall/Macros/macro.Kerberos | 6 +++-- Shorewall/Macros/macro.L2TP | 6 
+++-- Shorewall/Macros/macro.LDAP | 6 +++-- Shorewall/Macros/macro.LDAPS | 6 +++-- Shorewall/Macros/macro.MSNP | 6 +++-- Shorewall/Macros/macro.MSSQL | 6 +++-- Shorewall/Macros/macro.Mail | 6 +++-- Shorewall/Macros/macro.Munin | 6 +++-- Shorewall/Macros/macro.MySQL | 6 +++-- Shorewall/Macros/macro.NNTP | 6 +++-- Shorewall/Macros/macro.NNTPS | 6 +++-- Shorewall/Macros/macro.NTP | 6 +++-- Shorewall/Macros/macro.NTPbi | 6 +++-- Shorewall/Macros/macro.NTPbrd | 6 +++-- Shorewall/Macros/macro.OSPF | 6 +++-- Shorewall/Macros/macro.OpenVPN | 6 +++-- Shorewall/Macros/macro.PCA | 6 +++-- Shorewall/Macros/macro.POP3 | 6 +++-- Shorewall/Macros/macro.POP3S | 6 +++-- Shorewall/Macros/macro.PPtP | 5 ++-- Shorewall/Macros/macro.Ping | 6 +++-- Shorewall/Macros/macro.PostgreSQL | 6 +++-- Shorewall/Macros/macro.Printer | 6 +++-- Shorewall/Macros/macro.Puppet | 6 +++-- Shorewall/Macros/macro.RDP | 6 +++-- Shorewall/Macros/macro.RIPbi | 11 ++++---- Shorewall/Macros/macro.RNDC | 6 +++-- Shorewall/Macros/macro.Razor | 8 +++--- Shorewall/Macros/macro.Rdate | 6 +++-- Shorewall/Macros/macro.Reject | 6 +++-- Shorewall/Macros/macro.Rfc1918 | 11 +++++--- Shorewall/Macros/macro.Rsync | 6 +++-- Shorewall/Macros/macro.SANE | 5 ++-- Shorewall/Macros/macro.SIP | 5 ++-- Shorewall/Macros/macro.SMB | 5 ++-- Shorewall/Macros/macro.SMBBI | 5 ++-- Shorewall/Macros/macro.SMBswat | 6 +++-- Shorewall/Macros/macro.SMTP | 6 +++-- Shorewall/Macros/macro.SMTPS | 6 +++-- Shorewall/Macros/macro.SNMP | 5 ++-- Shorewall/Macros/macro.SNMPTrap | 7 ++--- Shorewall/Macros/macro.SPAMD | 6 +++-- Shorewall/Macros/macro.SSH | 6 +++-- Shorewall/Macros/macro.SVN | 6 +++-- Shorewall/Macros/macro.SixXS | 6 +++-- Shorewall/Macros/macro.Squid | 6 +++-- Shorewall/Macros/macro.Submission | 6 +++-- Shorewall/Macros/macro.Syslog | 6 +++-- Shorewall/Macros/macro.TFTP | 5 ++-- Shorewall/Macros/macro.Telnet | 6 +++-- Shorewall/Macros/macro.Telnets | 6 +++-- Shorewall/Macros/macro.Teredo | 6 +++-- Shorewall/Macros/macro.Time | 6 +++-- 
Shorewall/Macros/macro.Trcrt | 6 +++-- Shorewall/Macros/macro.VNC | 6 +++-- Shorewall/Macros/macro.VNCL | 6 +++-- Shorewall/Macros/macro.VRRP | 8 +++--- Shorewall/Macros/macro.Web | 6 +++-- Shorewall/Macros/macro.Webcache | 7 ++--- Shorewall/Macros/macro.Webmin | 6 +++-- Shorewall/Macros/macro.Whois | 6 +++-- Shorewall/Macros/macro.Xymon | 6 +++-- Shorewall/Macros/macro.mDNS | 6 +++-- Shorewall/Macros/macro.mDNSbi | 6 +++-- Shorewall/Macros/macro.template | 22 ++++++++------- Shorewall/Perl/Shorewall/Compiler.pm | 40 +++++++++++++--------------- Shorewall6/Macros/macro.Ping | 6 +++-- Shorewall6/Macros/macro.Trcrt | 6 +++-- Shorewall6/Macros/macro.mDNS | 6 +++-- 116 files changed, 492 insertions(+), 274 deletions(-) diff --git a/Shorewall/Macros/macro.A_AllowICMPs b/Shorewall/Macros/macro.A_AllowICMPs index 5402630f3..304de76b1 100644 --- a/Shorewall/Macros/macro.A_AllowICMPs +++ b/Shorewall/Macros/macro.A_AllowICMPs @@ -1,13 +1,15 @@ # # Shorewall version 4 - Audited AllowICMPs Macro # -# /usr/share/shorewall/macro.AAllowICMPs +# /usr/share/shorewall/macro.A_AllowICMPs # # This macro A_ACCEPTs needed ICMP types # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT Needed ICMP types diff --git a/Shorewall/Macros/macro.A_DropDNSrep b/Shorewall/Macros/macro.A_DropDNSrep index 35dca2c1d..134f20dc4 100644 --- a/Shorewall/Macros/macro.A_DropDNSrep +++ b/Shorewall/Macros/macro.A_DropDNSrep 
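Review bot: Adding `?FORMAT 2` to macro.A_AllowICMPs changes how every rule line in the file is parsed, not only the header comment: per the new header, column 7 becomes ORIGIN DEST and RATE LIMIT and USER/GROUP each move one column to the right. The rules visible in these hunks stop at SOURCE PORT(S), so they are unaffected, but the macro bodies continue outside the hunks. Any rule there that fills the old RATE LIMIT or USER/GROUP column would now be read as an original-destination match and silently lose its limit or owner match. The same applies to every macro in this patch that gains `?FORMAT 2` (A_DropDNSrep, A_DropUPnP, AllowICMPs, Auth, BGP, BLACKLIST and the rest). Before merging, compile a configuration that uses these macros with and without the patch and confirm the generated rulesets are identical.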
@@ -1,13 +1,15 @@ # # Shorewall version 4 - Audited DropDNSrep Macro # -# /usr/share/shorewall/macro.ADropDNSrep +# /usr/share/shorewall/macro.A_DropDNSrep # # This macro silently audites and drops DNS UDP replies # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT Late DNS Replies diff --git a/Shorewall/Macros/macro.A_DropUPnP b/Shorewall/Macros/macro.A_DropUPnP index 003f313b2..284132c7b 100644 --- a/Shorewall/Macros/macro.A_DropUPnP +++ b/Shorewall/Macros/macro.A_DropUPnP @@ -1,13 +1,15 @@ # # Shorewall version 4 - ADropUPnP Macro # -# /usr/share/shorewall/macro.ADropUPnP +# /usr/share/shorewall/macro.A_DropUPnP # # This macro silently drops UPnP probes on UDP port 1900 # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT UPnP diff --git a/Shorewall/Macros/macro.AllowICMPs b/Shorewall/Macros/macro.AllowICMPs index 83d22b342..4a0b02251 100644 --- a/Shorewall/Macros/macro.AllowICMPs +++ b/Shorewall/Macros/macro.AllowICMPs @@ -6,8 +6,10 @@ # This macro ACCEPTs needed ICMP types # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT Needed ICMP types 
diff --git a/Shorewall/Macros/macro.Amanda b/Shorewall/Macros/macro.Amanda index d34f8eea8..f9cf8a714 100644 --- a/Shorewall/Macros/macro.Amanda +++ b/Shorewall/Macros/macro.Amanda @@ -9,8 +9,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER ) PARAM - - udp 10080 ; helper=amanda diff --git a/Shorewall/Macros/macro.Auth b/Shorewall/Macros/macro.Auth index 359a32165..613b9bcae 100644 --- a/Shorewall/Macros/macro.Auth +++ b/Shorewall/Macros/macro.Auth @@ -6,6 +6,8 @@ # This macro handles Auth (identd) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 113 diff --git a/Shorewall/Macros/macro.BGP b/Shorewall/Macros/macro.BGP index 6cec84641..d0870885a 100644 --- a/Shorewall/Macros/macro.BGP +++ b/Shorewall/Macros/macro.BGP @@ -6,6 +6,8 @@ # This macro handles BGP4 traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 179 # BGP4 diff --git a/Shorewall/Macros/macro.BLACKLIST b/Shorewall/Macros/macro.BLACKLIST index cebff9453..97732afc0 100644 --- a/Shorewall/Macros/macro.BLACKLIST 
+++ b/Shorewall/Macros/macro.BLACKLIST @@ -6,8 +6,10 @@ # This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if $BLACKLIST_LOGLEVEL blacklog ?else diff --git a/Shorewall/Macros/macro.BitTorrent b/Shorewall/Macros/macro.BitTorrent index bf8b68aca..527d9500f 100644 --- a/Shorewall/Macros/macro.BitTorrent +++ b/Shorewall/Macros/macro.BitTorrent @@ -7,9 +7,12 @@ # # If you are running BitTorrent 3.2 or later, you should use the # BitTorrent32 macro. +# ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 6881:6889 # # It may also be necessary to allow UDP traffic: diff --git a/Shorewall/Macros/macro.BitTorrent32 b/Shorewall/Macros/macro.BitTorrent32 index 864916139..dbaab9b80 100644 --- a/Shorewall/Macros/macro.BitTorrent32 +++ b/Shorewall/Macros/macro.BitTorrent32 @@ -6,8 +6,10 @@ # This macro handles BitTorrent traffic for BitTorrent 3.2 and later. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 6881:6999 # # It may also be necessary to allow UDP traffic: 
diff --git a/Shorewall/Macros/macro.CVS b/Shorewall/Macros/macro.CVS index df3463cdd..071645e18 100644 --- a/Shorewall/Macros/macro.CVS +++ b/Shorewall/Macros/macro.CVS @@ -6,6 +6,8 @@ # This macro handles connections to the CVS pserver. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 2401 diff --git a/Shorewall/Macros/macro.Citrix b/Shorewall/Macros/macro.Citrix index b7a2284af..57c955d87 100644 --- a/Shorewall/Macros/macro.Citrix +++ b/Shorewall/Macros/macro.Citrix @@ -6,9 +6,11 @@ # This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a. # ICA Session Reliability) # -#################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 1494 # ICA PARAM - - udp 1604 # ICA Browser PARAM - - tcp 2598 # CGP Session Reliabilty diff --git a/Shorewall/Macros/macro.DAAP b/Shorewall/Macros/macro.DAAP index c0e663d8c..bdccd7d52 100644 --- a/Shorewall/Macros/macro.DAAP +++ b/Shorewall/Macros/macro.DAAP 
@@ -7,7 +7,9 @@ # The protocol is used by iTunes, Rythmbox and other similar daemons. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3689 PARAM - - udp 3689 diff --git a/Shorewall/Macros/macro.DCC b/Shorewall/Macros/macro.DCC index e7bdd319a..cbfe1d037 100644 --- a/Shorewall/Macros/macro.DCC +++ b/Shorewall/Macros/macro.DCC @@ -7,6 +7,8 @@ # DCC is a distributed spam filtering mechanism. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 6277 diff --git a/Shorewall/Macros/macro.DHCPfwd b/Shorewall/Macros/macro.DHCPfwd index 9e1da866e..ac70c77f1 100644 --- a/Shorewall/Macros/macro.DHCPfwd +++ b/Shorewall/Macros/macro.DHCPfwd @@ -6,7 +6,9 @@ # This macro (bidirectional) handles forwarded DHCP traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 67:68 67:68 # DHCP PARAM DEST SOURCE udp 67:68 67:68 # DHCP diff --git a/Shorewall/Macros/macro.DNS b/Shorewall/Macros/macro.DNS index ef0cdbf50..bd59e8c2c 100644 --- a/Shorewall/Macros/macro.DNS +++ b/Shorewall/Macros/macro.DNS 
@@ -6,7 +6,9 @@ # This macro handles DNS traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 53 PARAM - - tcp 53 diff --git a/Shorewall/Macros/macro.Distcc b/Shorewall/Macros/macro.Distcc index 5c13b869a..732fa9f51 100644 --- a/Shorewall/Macros/macro.Distcc +++ b/Shorewall/Macros/macro.Distcc @@ -6,6 +6,8 @@ # This macro handles connections to the Distributed Compiler service. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3632 diff --git a/Shorewall/Macros/macro.Drop b/Shorewall/Macros/macro.Drop index 44714a5d1..3fdae526a 100644 --- a/Shorewall/Macros/macro.Drop +++ b/Shorewall/Macros/macro.Drop @@ -11,12 +11,14 @@ # Drop net all # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP # -# Don't log 'auth' REJECT +# Don't log 'auth' DROP # -REJECT - - tcp 113 +DROP - - tcp 113 # # Drop Broadcasts so they don't clutter up the log # (broadcasts must *not* be rejected). diff --git a/Shorewall/Macros/macro.DropDNSrep b/Shorewall/Macros/macro.DropDNSrep index 603f121ad..0d1d7853f 100644 --- a/Shorewall/Macros/macro.DropDNSrep 
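Review bot: The macro.Drop hunk changes firewall policy, not just formatting: `REJECT - - tcp 113` becomes `DROP - - tcp 113`, and neither the subject ("Macro format patch") nor the message mentions it. With DROP, a peer making an ident (tcp 113) callback gets no reset and has to wait for a timeout, which was presumably why this rule was a REJECT inside an otherwise dropping macro. If the change is intended, it should go in its own commit with the reason recorded in the comment, e.g. `# Silently drop 'auth' (was REJECT; ident callers will now time out)`. If it is not intended, keep `REJECT - - tcp 113` and the original comment. The rest of the macro continues outside the hunk, so whether later rules depend on this one is not visible here.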
+++ b/Shorewall/Macros/macro.DropDNSrep @@ -6,8 +6,10 @@ # This macro silently drops DNS UDP replies # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT Late DNS Replies diff --git a/Shorewall/Macros/macro.DropUPnP b/Shorewall/Macros/macro.DropUPnP index 3dad3d300..8a6b5b81a 100644 --- a/Shorewall/Macros/macro.DropUPnP +++ b/Shorewall/Macros/macro.DropUPnP @@ -6,8 +6,10 @@ # This macro silently drops UPnP probes on UDP port 1900 # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?COMMENT UPnP diff --git a/Shorewall/Macros/macro.Edonkey b/Shorewall/Macros/macro.Edonkey index 3a672c62d..fc188c5ba 100644 --- a/Shorewall/Macros/macro.Edonkey +++ b/Shorewall/Macros/macro.Edonkey @@ -28,7 +28,9 @@ # applications such as aMule WebServer or aMuleCMD. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 4662 PARAM - - udp 4665 diff --git a/Shorewall/Macros/macro.FTP b/Shorewall/Macros/macro.FTP index 68cd46bc8..ca1edd7b6 100644 --- a/Shorewall/Macros/macro.FTP +++ b/Shorewall/Macros/macro.FTP 
@@ -7,8 +7,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER ) PARAM - - tcp 21 ; helper=ftp ?else diff --git a/Shorewall/Macros/macro.Finger b/Shorewall/Macros/macro.Finger index 8a873d40a..7ab7aea4e 100644 --- a/Shorewall/Macros/macro.Finger +++ b/Shorewall/Macros/macro.Finger @@ -7,6 +7,8 @@ # your finger information to internet. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 79 diff --git a/Shorewall/Macros/macro.GNUnet b/Shorewall/Macros/macro.GNUnet index 04597fcee..ab1f62d08 100644 --- a/Shorewall/Macros/macro.GNUnet +++ b/Shorewall/Macros/macro.GNUnet @@ -6,8 +6,10 @@ # This macro handles GNUnet (secure peer-to-peer networking) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 2086 PARAM - - udp 2086 PARAM - - tcp 1080 diff --git a/Shorewall/Macros/macro.GRE b/Shorewall/Macros/macro.GRE index 35797131b..16b3b80f1 100644 --- a/Shorewall/Macros/macro.GRE +++ b/Shorewall/Macros/macro.GRE 
@@ -7,7 +7,9 @@ # traffic (RFC 1701) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - 47 # GRE PARAM DEST SOURCE 47 # GRE diff --git a/Shorewall/Macros/macro.Git b/Shorewall/Macros/macro.Git index 7b06913ea..8d2309dbb 100644 --- a/Shorewall/Macros/macro.Git +++ b/Shorewall/Macros/macro.Git @@ -6,6 +6,8 @@ # This macro handles Git traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 9418 diff --git a/Shorewall/Macros/macro.Gnutella b/Shorewall/Macros/macro.Gnutella index 5e375438a..39231e990 100644 --- a/Shorewall/Macros/macro.Gnutella +++ b/Shorewall/Macros/macro.Gnutella @@ -6,7 +6,9 @@ # This macro handles Gnutella traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 6346 PARAM - - udp 6346 diff --git a/Shorewall/Macros/macro.HKP b/Shorewall/Macros/macro.HKP index 8d94313cf..b91f7f67c 100644 --- a/Shorewall/Macros/macro.HKP +++ b/Shorewall/Macros/macro.HKP 
@@ -6,6 +6,8 @@ # This macro handles OpenPGP HTTP keyserver protocol traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 11371 diff --git a/Shorewall/Macros/macro.HTTP b/Shorewall/Macros/macro.HTTP index 18a7b2652..f1d8608ad 100644 --- a/Shorewall/Macros/macro.HTTP +++ b/Shorewall/Macros/macro.HTTP @@ -6,6 +6,8 @@ # This macro handles plaintext HTTP (WWW) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 80 diff --git a/Shorewall/Macros/macro.HTTPS b/Shorewall/Macros/macro.HTTPS index 444f945ae..aec174bb1 100644 --- a/Shorewall/Macros/macro.HTTPS +++ b/Shorewall/Macros/macro.HTTPS @@ -6,6 +6,8 @@ # This macro handles HTTPS (WWW over SSL) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 443 diff --git a/Shorewall/Macros/macro.ICPV2 b/Shorewall/Macros/macro.ICPV2 index d26e77ff9..46839373d 100644 --- a/Shorewall/Macros/macro.ICPV2 +++ b/Shorewall/Macros/macro.ICPV2 
@@ -6,6 +6,8 @@ # This macro handles Internet Cache Protocol V2 (Squid) traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 3130 diff --git a/Shorewall/Macros/macro.ICQ b/Shorewall/Macros/macro.ICQ index ff9502d3b..ddf92ef73 100644 --- a/Shorewall/Macros/macro.ICQ +++ b/Shorewall/Macros/macro.ICQ @@ -6,6 +6,8 @@ # This macro handles ICQ, now called AOL Instant Messenger (or AIM). # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5190 diff --git a/Shorewall/Macros/macro.IMAP b/Shorewall/Macros/macro.IMAP index 6cd53d0de..177d56bc4 100644 --- a/Shorewall/Macros/macro.IMAP +++ b/Shorewall/Macros/macro.IMAP @@ -7,6 +7,8 @@ # see macro.IMAPS. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 143 diff --git a/Shorewall/Macros/macro.IMAPS b/Shorewall/Macros/macro.IMAPS index 9e3df9dbc..3a88dab2b 100644 --- a/Shorewall/Macros/macro.IMAPS +++ b/Shorewall/Macros/macro.IMAPS 
@@ -7,6 +7,8 @@ # (not recommended), see macro.IMAP. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 993 diff --git a/Shorewall/Macros/macro.IPIP b/Shorewall/Macros/macro.IPIP index 771bcc60f..beea45a8a 100644 --- a/Shorewall/Macros/macro.IPIP +++ b/Shorewall/Macros/macro.IPIP @@ -6,7 +6,9 @@ # This macro (bidirectional) handles IPIP capsulation traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - 94 # IPIP PARAM DEST SOURCE 94 # IPIP diff --git a/Shorewall/Macros/macro.IPP b/Shorewall/Macros/macro.IPP index 88c62f8b0..033cc47f7 100644 --- a/Shorewall/Macros/macro.IPP +++ b/Shorewall/Macros/macro.IPP @@ -6,6 +6,8 @@ # This macro handles Internet Printing Protocol (IPP). # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 631 diff --git a/Shorewall/Macros/macro.IPPbrd b/Shorewall/Macros/macro.IPPbrd index 024d11cd9..cd4460b70 100644 --- a/Shorewall/Macros/macro.IPPbrd +++ b/Shorewall/Macros/macro.IPPbrd 
@@ -6,7 +6,10 @@ # This macro handles Internet Printing Protocol (IPP) broadcasts. # If you also need to handle TCP 631 connections in the opposite # direction, use the IPPserver Macro +# ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 631 diff --git a/Shorewall/Macros/macro.IPPserver b/Shorewall/Macros/macro.IPPserver index d870d87c4..e095a8604 100644 --- a/Shorewall/Macros/macro.IPPserver +++ b/Shorewall/Macros/macro.IPPserver @@ -23,7 +23,9 @@ # IPPserver/ACCEPT $FW loc # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM SOURCE DEST tcp 631 PARAM DEST SOURCE udp 631 diff --git a/Shorewall/Macros/macro.IPsec b/Shorewall/Macros/macro.IPsec index aa34ecf6e..aeda55d54 100644 --- a/Shorewall/Macros/macro.IPsec +++ b/Shorewall/Macros/macro.IPsec @@ -6,8 +6,10 @@ # This macro (bidirectional) handles IPsec traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 500 500 # IKE PARAM - - 50 # ESP PARAM DEST SOURCE udp 500 500 # IKE diff --git a/Shorewall/Macros/macro.IPsecah b/Shorewall/Macros/macro.IPsecah index 45e826367..fa834781d 100644 
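Review bot: The `?FORMAT 2` line added to macro.IPsec changes how the rule columns are parsed, so it is more than a layout change. As the new header shows, an ORIGIN DEST column now sits between SOURCE PORT(S) and RATE LIMIT. The rules visible in this hunk stop at the source-port column and are unaffected, but the rule list continues past the end of the hunk. The same applies to the macro.IPsecah, macro.IPsecnat, macro.JAP, macro.Mail, macro.Reject and macro.SixXS hunks. Before merging, check that no rule in those files fills a seventh column, because a value written as a rate limit under the old layout would now be read as an original-destination match.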
--- a/Shorewall/Macros/macro.IPsecah +++ b/Shorewall/Macros/macro.IPsecah @@ -7,8 +7,10 @@ # This is insecure. You should use ESP with encryption for security. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 500 500 # IKE PARAM - - 51 # AH PARAM DEST SOURCE udp 500 500 # IKE diff --git a/Shorewall/Macros/macro.IPsecnat b/Shorewall/Macros/macro.IPsecnat index a3f0f30f3..c99eef31c 100644 --- a/Shorewall/Macros/macro.IPsecnat +++ b/Shorewall/Macros/macro.IPsecnat @@ -6,8 +6,10 @@ # This macro (bidirectional) handles IPsec traffic and Nat-Traversal # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 500 # IKE PARAM - - udp 4500 # NAT-T PARAM - - 50 # ESP diff --git a/Shorewall/Macros/macro.IRC b/Shorewall/Macros/macro.IRC index e0d6973db..baf5e4f9c 100644 --- a/Shorewall/Macros/macro.IRC +++ b/Shorewall/Macros/macro.IRC @@ -7,8 +7,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER ) PARAM - - tcp 6667 ; helper=irc 
diff --git a/Shorewall/Macros/macro.JAP b/Shorewall/Macros/macro.JAP index 7a68ae84d..62fb43d86 100644 --- a/Shorewall/Macros/macro.JAP +++ b/Shorewall/Macros/macro.JAP @@ -8,8 +8,10 @@ # to browse anonymously! # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 8080 # HTTP port PARAM - - tcp 6544 # HTTP port PARAM - - tcp 6543 # InfoService port diff --git a/Shorewall/Macros/macro.JabberPlain b/Shorewall/Macros/macro.JabberPlain index 72324501b..0df05f172 100644 --- a/Shorewall/Macros/macro.JabberPlain +++ b/Shorewall/Macros/macro.JabberPlain @@ -6,6 +6,8 @@ # This macro accepts Jabber traffic (plaintext). # ############################################################################### -#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5222 diff --git a/Shorewall/Macros/macro.JabberSecure b/Shorewall/Macros/macro.JabberSecure index f16f42a24..cd2590dc1 100644 --- a/Shorewall/Macros/macro.JabberSecure +++ b/Shorewall/Macros/macro.JabberSecure @@ -6,6 +6,8 @@ # This macro accepts Jabber traffic (ssl). # ############################################################################### -#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5223 
diff --git a/Shorewall/Macros/macro.Jabberd b/Shorewall/Macros/macro.Jabberd index 056cff065..3a1380fa0 100644 --- a/Shorewall/Macros/macro.Jabberd +++ b/Shorewall/Macros/macro.Jabberd @@ -6,6 +6,8 @@ # This macro accepts Jabberd intercommunication traffic # ############################################################################### -#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5269 diff --git a/Shorewall/Macros/macro.Jetdirect b/Shorewall/Macros/macro.Jetdirect index 88a0fa29f..839c9cf7a 100644 --- a/Shorewall/Macros/macro.Jetdirect +++ b/Shorewall/Macros/macro.Jetdirect @@ -6,6 +6,8 @@ # This macro handles HP Jetdirect printing. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 9100 diff --git a/Shorewall/Macros/macro.Kerberos b/Shorewall/Macros/macro.Kerberos index 7355bf168..a2f0c740c 100644 --- a/Shorewall/Macros/macro.Kerberos +++ b/Shorewall/Macros/macro.Kerberos @@ -6,7 +6,9 @@ # This macro handles Kerberos traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 88 PARAM - - udp 88 diff --git a/Shorewall/Macros/macro.L2TP b/Shorewall/Macros/macro.L2TP index e31eaff7e..b9ecdec09 100644 
--- a/Shorewall/Macros/macro.L2TP +++ b/Shorewall/Macros/macro.L2TP @@ -7,7 +7,9 @@ # (RFC 2661) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 1701 # L2TP PARAM DEST SOURCE udp 1701 # L2TP diff --git a/Shorewall/Macros/macro.LDAP b/Shorewall/Macros/macro.LDAP index 08c7a4a3e..9030afb6d 100644 --- a/Shorewall/Macros/macro.LDAP +++ b/Shorewall/Macros/macro.LDAP @@ -11,6 +11,8 @@ # Consult your LDAP server documentation for details. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 389 diff --git a/Shorewall/Macros/macro.LDAPS b/Shorewall/Macros/macro.LDAPS index b61468ca5..975afba99 100644 --- a/Shorewall/Macros/macro.LDAPS +++ b/Shorewall/Macros/macro.LDAPS @@ -11,6 +11,8 @@ # Consult your LDAP server documentation for details. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 636 diff --git a/Shorewall/Macros/macro.MSNP b/Shorewall/Macros/macro.MSNP index a2e6b8e60..4431b8146 100644 --- a/Shorewall/Macros/macro.MSNP +++ b/Shorewall/Macros/macro.MSNP 
@@ -6,6 +6,8 @@ # This macro handles MSNP (MicroSoft Notification Protocol) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 1863 diff --git a/Shorewall/Macros/macro.MSSQL b/Shorewall/Macros/macro.MSSQL index 708b18a5d..70be935ca 100644 --- a/Shorewall/Macros/macro.MSSQL +++ b/Shorewall/Macros/macro.MSSQL @@ -6,6 +6,8 @@ # This macro handles MSSQL (Microsoft SQL Server) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 1433 diff --git a/Shorewall/Macros/macro.Mail b/Shorewall/Macros/macro.Mail index 46d6cabdc..4ac525698 100644 --- a/Shorewall/Macros/macro.Mail +++ b/Shorewall/Macros/macro.Mail @@ -12,8 +12,10 @@ # the POP3 or IMAP macros. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 25 PARAM - - tcp 465 PARAM - - tcp 587 diff --git a/Shorewall/Macros/macro.Munin b/Shorewall/Macros/macro.Munin index 02afecd6d..2f7b537b1 100644 --- a/Shorewall/Macros/macro.Munin +++ b/Shorewall/Macros/macro.Munin 
@@ -6,6 +6,8 @@ # This macro handles Munin networked resource monitoring traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 4949 diff --git a/Shorewall/Macros/macro.MySQL b/Shorewall/Macros/macro.MySQL index 798e79c07..390885c6c 100644 --- a/Shorewall/Macros/macro.MySQL +++ b/Shorewall/Macros/macro.MySQL @@ -6,6 +6,8 @@ # This macro handles connections to the MySQL server. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3306 diff --git a/Shorewall/Macros/macro.NNTP b/Shorewall/Macros/macro.NNTP index 27325bb79..f53bacbbd 100644 --- a/Shorewall/Macros/macro.NNTP +++ b/Shorewall/Macros/macro.NNTP @@ -7,6 +7,8 @@ # encrypted NNTP, see macro.NNTPS. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 119 diff --git a/Shorewall/Macros/macro.NNTPS b/Shorewall/Macros/macro.NNTPS index a2f4ba046..2df93f3a3 100644 --- a/Shorewall/Macros/macro.NNTPS +++ b/Shorewall/Macros/macro.NNTPS 
@@ -7,6 +7,8 @@ # plaintext NNTP, see macro.NNTP. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 563 diff --git a/Shorewall/Macros/macro.NTP b/Shorewall/Macros/macro.NTP index 0a8de3dd2..a6ef8d72f 100644 --- a/Shorewall/Macros/macro.NTP +++ b/Shorewall/Macros/macro.NTP @@ -7,6 +7,8 @@ # For broadcast NTP traffic, use NTPbrd Macro. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 123 diff --git a/Shorewall/Macros/macro.NTPbi b/Shorewall/Macros/macro.NTPbi index a2e3954c4..bfa7f7dbc 100644 --- a/Shorewall/Macros/macro.NTPbi +++ b/Shorewall/Macros/macro.NTPbi @@ -6,7 +6,9 @@ # This macro handles bi-directional NTP (for NTP peers) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 123 PARAM DEST SOURCE udp 123 diff --git a/Shorewall/Macros/macro.NTPbrd b/Shorewall/Macros/macro.NTPbrd index baf12a7e5..1defb9ee6 100644 --- a/Shorewall/Macros/macro.NTPbrd +++ b/Shorewall/Macros/macro.NTPbrd 
@@ -11,7 +11,9 @@ # Netfilter doesn't track connections for broadcast traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 123 PARAM - - udp 1024: 123 diff --git a/Shorewall/Macros/macro.OSPF b/Shorewall/Macros/macro.OSPF index effb2e650..5dc321b1a 100644 --- a/Shorewall/Macros/macro.OSPF +++ b/Shorewall/Macros/macro.OSPF @@ -6,6 +6,8 @@ # This macro handles OSPF multicast traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - 89 # OSPF diff --git a/Shorewall/Macros/macro.OpenVPN b/Shorewall/Macros/macro.OpenVPN index 539951058..4f91c4c92 100644 --- a/Shorewall/Macros/macro.OpenVPN +++ b/Shorewall/Macros/macro.OpenVPN @@ -6,6 +6,8 @@ # This macro handles OpenVPN traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 1194 diff --git a/Shorewall/Macros/macro.PCA b/Shorewall/Macros/macro.PCA index 545e884c9..9fe9516f4 100644 --- a/Shorewall/Macros/macro.PCA +++ b/Shorewall/Macros/macro.PCA 
@@ -6,7 +6,9 @@ # This macro handles PCAnywere (tm) # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 5632 PARAM - - tcp 5631 diff --git a/Shorewall/Macros/macro.POP3 b/Shorewall/Macros/macro.POP3 index 96d309ce8..c10f86d43 100644 --- a/Shorewall/Macros/macro.POP3 +++ b/Shorewall/Macros/macro.POP3 @@ -7,6 +7,8 @@ # see macro.POP3S. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 110 diff --git a/Shorewall/Macros/macro.POP3S b/Shorewall/Macros/macro.POP3S index 5709086e4..31aedcd4a 100644 --- a/Shorewall/Macros/macro.POP3S +++ b/Shorewall/Macros/macro.POP3S @@ -7,6 +7,8 @@ # see macro.POP3. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 995 # Secure POP3 diff --git a/Shorewall/Macros/macro.PPtP b/Shorewall/Macros/macro.PPtP index b4ba427e8..f932c4631 100644 --- a/Shorewall/Macros/macro.PPtP +++ b/Shorewall/Macros/macro.PPtP 
@@ -7,8 +7,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - 47 PARAM DEST SOURCE 47 diff --git a/Shorewall/Macros/macro.Ping b/Shorewall/Macros/macro.Ping index a4a81484e..7d0f1d681 100644 --- a/Shorewall/Macros/macro.Ping +++ b/Shorewall/Macros/macro.Ping @@ -6,6 +6,8 @@ # This macro handles 'ping' requests. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - icmp 8 diff --git a/Shorewall/Macros/macro.PostgreSQL b/Shorewall/Macros/macro.PostgreSQL index cd360ecaf..d90d51661 100644 --- a/Shorewall/Macros/macro.PostgreSQL +++ b/Shorewall/Macros/macro.PostgreSQL @@ -6,6 +6,8 @@ # This macro handles connections to the PostgreSQL server. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5432 diff --git a/Shorewall/Macros/macro.Printer b/Shorewall/Macros/macro.Printer index e11c43cfc..bac1e7714 100644 --- a/Shorewall/Macros/macro.Printer +++ b/Shorewall/Macros/macro.Printer 
@@ -6,6 +6,8 @@ # This macro handles Line Printer protocol printing. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 515 diff --git a/Shorewall/Macros/macro.Puppet b/Shorewall/Macros/macro.Puppet index 9be9c9c95..499be4ef9 100644 --- a/Shorewall/Macros/macro.Puppet +++ b/Shorewall/Macros/macro.Puppet @@ -7,6 +7,8 @@ # management system. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 8140 diff --git a/Shorewall/Macros/macro.RDP b/Shorewall/Macros/macro.RDP index 2a5ed5d49..b399af9b0 100644 --- a/Shorewall/Macros/macro.RDP +++ b/Shorewall/Macros/macro.RDP @@ -6,6 +6,8 @@ # This macro handles Microsoft RDP (Remote Desktop) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3389 diff --git a/Shorewall/Macros/macro.RIPbi b/Shorewall/Macros/macro.RIPbi index 91273053d..95f6bd505 100644 --- a/Shorewall/Macros/macro.RIPbi +++ b/Shorewall/Macros/macro.RIPbi 
@@ -6,8 +6,9 @@ # This macro handles RIP (Routing Information Protocol) - bidirectional # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP -PARAM - - udp 520 -PARAM DEST SOURCE udp 520 - +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP +PARAM - - udp 520 +PARAM DEST SOURCE udp 520 diff --git a/Shorewall/Macros/macro.RNDC b/Shorewall/Macros/macro.RNDC index 6e5894888..5bc5cb660 100644 --- a/Shorewall/Macros/macro.RNDC +++ b/Shorewall/Macros/macro.RNDC @@ -6,6 +6,8 @@ # This macro handles RNDC (BIND remote management protocol) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 953 diff --git a/Shorewall/Macros/macro.Razor b/Shorewall/Macros/macro.Razor index 731082970..115c458f0 100644 --- a/Shorewall/Macros/macro.Razor +++ b/Shorewall/Macros/macro.Razor @@ -6,6 +6,8 @@ # This macro handles traffic for the Razor Antispam System # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP -ACCEPT - - tcp 2703 +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP +ACCEPT - - tcp 2703 diff --git a/Shorewall/Macros/macro.Rdate b/Shorewall/Macros/macro.Rdate index 97e23ce76..c25fbba01 100644 --- a/Shorewall/Macros/macro.Rdate +++ b/Shorewall/Macros/macro.Rdate 
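Review bot: In the macro.Razor hunk the rewritten rule still hard-codes its action as `ACCEPT - - tcp 2703`, while every other macro in this range uses `PARAM`. This presumably means the macro accepts the traffic whatever action the caller passes, so an invocation meant to drop or reject Razor traffic would not do what it says. Since the line is being re-indented anyway, confirm whether that is intended. If it is not, write it as `PARAM - - tcp 2703`.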
@@ -10,6 +10,8 @@ # use Time macro instead. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 37 diff --git a/Shorewall/Macros/macro.Reject b/Shorewall/Macros/macro.Reject index 492904f95..39f99a235 100644 --- a/Shorewall/Macros/macro.Reject +++ b/Shorewall/Macros/macro.Reject @@ -12,8 +12,10 @@ # # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP # # Don't log 'auth' REJECT # diff --git a/Shorewall/Macros/macro.Rfc1918 b/Shorewall/Macros/macro.Rfc1918 index 3dca82b2b..9817a99f5 100644 --- a/Shorewall/Macros/macro.Rfc1918 +++ b/Shorewall/Macros/macro.Rfc1918 @@ -3,11 +3,14 @@ # # /usr/share/shorewall/macro.Rfc1918 # -# This macro handles pkts with a SOURCE or ORIGINAL DEST address reserved by RFC 1918 +# This macro handles pkts with a SOURCE or ORIGINAL DEST address +# reserved by RFC 1918 +# ############################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# PORT(S) PORT(S) DEST LIMIT GROUP ?FORMAT 2 +############################################################################################# +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \ - DEST - - - - - - + DEST PARAM SOURCE DEST - - - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 
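Review bot: In the macro.Rfc1918 hunk the continuation line of the first rule changes from `DEST - - - - - -` to a bare `DEST`, which is the one edit in this file that touches a rule rather than a comment. Omitted trailing columns are presumably treated as `-`, so the rule should be equivalent. The next rule, however, matches the RFC 1918 ranges purely by their position in the ORIGIN DEST column, so a before/after compile of a ruleset using this macro is worth doing. Because a trailing backslash joins the two physical lines, also make sure no stray whitespace follows it in the committed file.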
diff --git a/Shorewall/Macros/macro.Rsync b/Shorewall/Macros/macro.Rsync index 5c8adce51..c8983ce5f 100644 --- a/Shorewall/Macros/macro.Rsync +++ b/Shorewall/Macros/macro.Rsync @@ -6,6 +6,8 @@ # This macro handles connections to the rsync server. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 873 diff --git a/Shorewall/Macros/macro.SANE b/Shorewall/Macros/macro.SANE index 7bed29b98..6862b318d 100644 --- a/Shorewall/Macros/macro.SANE +++ b/Shorewall/Macros/macro.SANE @@ -7,8 +7,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER ) PARAM - - tcp 6566 ; helper=sane diff --git a/Shorewall/Macros/macro.SIP b/Shorewall/Macros/macro.SIP index a1c02c5c0..7d87b2cc7 100644 --- a/Shorewall/Macros/macro.SIP +++ b/Shorewall/Macros/macro.SIP @@ -7,8 +7,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER ) PARAM - - udp 5060 ; helper=sip diff --git a/Shorewall/Macros/macro.SMB b/Shorewall/Macros/macro.SMB index d6bc3c659..a6aa000a0 100644 --- a/Shorewall/Macros/macro.SMB 
+++ b/Shorewall/Macros/macro.SMB @@ -11,8 +11,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 135,445 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) diff --git a/Shorewall/Macros/macro.SMBBI b/Shorewall/Macros/macro.SMBBI index 4e1865a95..ffb6bfa54 100644 --- a/Shorewall/Macros/macro.SMBBI +++ b/Shorewall/Macros/macro.SMBBI @@ -11,8 +11,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 135,445 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) diff --git a/Shorewall/Macros/macro.SMBswat b/Shorewall/Macros/macro.SMBswat index 3a661ca6d..524caa90c 100644 --- a/Shorewall/Macros/macro.SMBswat +++ b/Shorewall/Macros/macro.SMBswat @@ -7,6 +7,8 @@ # (SWAT). # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 901 diff --git a/Shorewall/Macros/macro.SMTP b/Shorewall/Macros/macro.SMTP index 33b546069..ff3d53b88 100644 --- a/Shorewall/Macros/macro.SMTP +++ b/Shorewall/Macros/macro.SMTP 
@@ -14,6 +14,8 @@ # the POP3 or IMAP macros. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 25 diff --git a/Shorewall/Macros/macro.SMTPS b/Shorewall/Macros/macro.SMTPS index c45c13bbf..df260b702 100644 --- a/Shorewall/Macros/macro.SMTPS +++ b/Shorewall/Macros/macro.SMTPS @@ -11,6 +11,8 @@ # the POP3(S) or IMAP(S) macros. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 465 diff --git a/Shorewall/Macros/macro.SNMP b/Shorewall/Macros/macro.SNMP index 3811cb91e..6e1e7fd9f 100644 --- a/Shorewall/Macros/macro.SNMP +++ b/Shorewall/Macros/macro.SNMP @@ -9,8 +9,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER ) PARAM - - udp 161 ; helper=snmp diff --git a/Shorewall/Macros/macro.SNMPTrap b/Shorewall/Macros/macro.SNMPTrap index 9bf5b23f9..09e417a38 100644 --- a/Shorewall/Macros/macro.SNMPTrap +++ b/Shorewall/Macros/macro.SNMPTrap 
@@ -1,12 +1,13 @@ # # Shorewall version 4 - SNMP Trap Macro # -# /usr/share/shorewall/macro.SNMP +# /usr/share/shorewall/macro.SNMPtrap # # This macro handles SNMP traps. # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 162 diff --git a/Shorewall/Macros/macro.SPAMD b/Shorewall/Macros/macro.SPAMD index d2225a2ad..ec2b557da 100644 --- a/Shorewall/Macros/macro.SPAMD +++ b/Shorewall/Macros/macro.SPAMD @@ -6,6 +6,8 @@ # This macro handles Spam Assassin SPAMD traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 783 diff --git a/Shorewall/Macros/macro.SSH b/Shorewall/Macros/macro.SSH index 65e2a4982..bc8a29d4d 100644 --- a/Shorewall/Macros/macro.SSH +++ b/Shorewall/Macros/macro.SSH @@ -6,6 +6,8 @@ # This macro handles secure shell (SSH) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 22 diff --git a/Shorewall/Macros/macro.SVN b/Shorewall/Macros/macro.SVN index b6181bd8c..e3bd4bdc6 100644 --- a/Shorewall/Macros/macro.SVN +++ b/Shorewall/Macros/macro.SVN 
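Review bot: The corrected path comment in the macro.SNMPTrap hunk reads `# /usr/share/shorewall/macro.SNMPtrap`, but the file in this diff is named `macro.SNMPTrap` with a capital T, so the header still does not match the installed name on a case-sensitive filesystem. I would write `# /usr/share/shorewall/macro.SNMPTrap`. An exact path in the header helps anyone auditing which macro file a rule set actually loads.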
@@ -7,6 +7,8 @@ # # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3690 diff --git a/Shorewall/Macros/macro.SixXS b/Shorewall/Macros/macro.SixXS index 5f86683f6..71bc97894 100644 --- a/Shorewall/Macros/macro.SixXS +++ b/Shorewall/Macros/macro.SixXS @@ -6,8 +6,10 @@ # This macro handles SixXS -- An IPv6 Deployment and Tunnel Broker # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP # # Used for retrieving the tunnel information (eg by AICCU) PARAM - - tcp 3874 diff --git a/Shorewall/Macros/macro.Squid b/Shorewall/Macros/macro.Squid index 82c97b44d..f92e3b8a0 100644 --- a/Shorewall/Macros/macro.Squid +++ b/Shorewall/Macros/macro.Squid @@ -6,6 +6,8 @@ # This macro handles Squid web proxy traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 3128 diff --git a/Shorewall/Macros/macro.Submission b/Shorewall/Macros/macro.Submission index ac95b7fee..db664248f 100644 --- a/Shorewall/Macros/macro.Submission +++ b/Shorewall/Macros/macro.Submission 
@@ -6,6 +6,8 @@ # This macro handles mail message submission traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 587 diff --git a/Shorewall/Macros/macro.Syslog b/Shorewall/Macros/macro.Syslog index c5870779a..3f3228d27 100644 --- a/Shorewall/Macros/macro.Syslog +++ b/Shorewall/Macros/macro.Syslog @@ -6,7 +6,9 @@ # This macro handles syslog traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 514 PARAM - - tcp 514 diff --git a/Shorewall/Macros/macro.TFTP b/Shorewall/Macros/macro.TFTP index 87c57ea65..723f9dc4b 100644 --- a/Shorewall/Macros/macro.TFTP +++ b/Shorewall/Macros/macro.TFTP @@ -9,8 +9,9 @@ # ############################################################################### ?FORMAT 2 -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __TFTP_HELPER ) PARAM - - udp 69 ; helper=tftp diff --git a/Shorewall/Macros/macro.Telnet b/Shorewall/Macros/macro.Telnet index c2d98edc3..2dcf18e6f 100644 --- a/Shorewall/Macros/macro.Telnet +++ b/Shorewall/Macros/macro.Telnet 
@@ -7,6 +7,8 @@ # internet, telnet is inappropriate; use SSH instead # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 23 diff --git a/Shorewall/Macros/macro.Telnets b/Shorewall/Macros/macro.Telnets index c498bae67..4c02de183 100644 --- a/Shorewall/Macros/macro.Telnets +++ b/Shorewall/Macros/macro.Telnets @@ -7,6 +7,8 @@ # For traffic over the internet, SSH might be more practical. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 992 diff --git a/Shorewall/Macros/macro.Teredo b/Shorewall/Macros/macro.Teredo index e2b1ea450..fd349435a 100644 --- a/Shorewall/Macros/macro.Teredo +++ b/Shorewall/Macros/macro.Teredo @@ -6,6 +6,8 @@ # This macro handles Teredo IPv6 over UDP tunneling traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 3544 diff --git a/Shorewall/Macros/macro.Time b/Shorewall/Macros/macro.Time index ca0b7c1e6..002bb34b0 100644 --- a/Shorewall/Macros/macro.Time +++ b/Shorewall/Macros/macro.Time 
@@ -8,6 +8,8 @@ # you shouldn't be using this. NTP is a superior alternative. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 37 diff --git a/Shorewall/Macros/macro.Trcrt b/Shorewall/Macros/macro.Trcrt index 5d6f17122..579924ac3 100644 --- a/Shorewall/Macros/macro.Trcrt +++ b/Shorewall/Macros/macro.Trcrt @@ -6,7 +6,9 @@ # This macro handles Traceroute (for up to 30 hops). # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 33434:33524 # UDP Traceroute PARAM - - icmp 8 # ICMP Traceroute diff --git a/Shorewall/Macros/macro.VNC b/Shorewall/Macros/macro.VNC index 79a2dc994..a65490fbe 100644 --- a/Shorewall/Macros/macro.VNC +++ b/Shorewall/Macros/macro.VNC @@ -6,6 +6,8 @@ # This macro handles VNC traffic for VNC display's 0 - 9. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5900:5909 diff --git a/Shorewall/Macros/macro.VNCL b/Shorewall/Macros/macro.VNCL index e8bc6e83e..39695066f 100644 --- a/Shorewall/Macros/macro.VNCL +++ b/Shorewall/Macros/macro.VNCL 
@@ -7,6 +7,8 @@ # mode. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 5500 diff --git a/Shorewall/Macros/macro.VRRP b/Shorewall/Macros/macro.VRRP index a9d5bd755..065b59d6b 100644 --- a/Shorewall/Macros/macro.VRRP +++ b/Shorewall/Macros/macro.VRRP @@ -6,6 +6,8 @@ # This macro handles VRRP traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO -PARAM SOURCE DEST:224.0.0.18 vrrp -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP +PARAM SOURCE DEST:224.0.0.18 vrrp diff --git a/Shorewall/Macros/macro.Web b/Shorewall/Macros/macro.Web index 349f7e6b0..7c395dedc 100644 --- a/Shorewall/Macros/macro.Web +++ b/Shorewall/Macros/macro.Web @@ -8,7 +8,9 @@ # is recommended. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 80 # HTTP (plaintext) PARAM - - tcp 443 # HTTPS (over SSL) diff --git a/Shorewall/Macros/macro.Webcache b/Shorewall/Macros/macro.Webcache index 5b0ced5ed..6d06cc810 100644 --- a/Shorewall/Macros/macro.Webcache +++ b/Shorewall/Macros/macro.Webcache 
@@ -6,7 +6,8 @@ # This macro handles Web Caches and Dan't Guardian # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 8080 - diff --git a/Shorewall/Macros/macro.Webmin b/Shorewall/Macros/macro.Webmin index 90b261693..c64ad33ce 100644 --- a/Shorewall/Macros/macro.Webmin +++ b/Shorewall/Macros/macro.Webmin @@ -6,6 +6,8 @@ # This macro handles Webmin traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 10000 diff --git a/Shorewall/Macros/macro.Whois b/Shorewall/Macros/macro.Whois index d0c43ce63..324faaa43 100644 --- a/Shorewall/Macros/macro.Whois +++ b/Shorewall/Macros/macro.Whois @@ -6,6 +6,8 @@ # This macro handles whois (nicname) traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 43 diff --git a/Shorewall/Macros/macro.Xymon b/Shorewall/Macros/macro.Xymon index b67449a45..41dd99cbd 100644 --- a/Shorewall/Macros/macro.Xymon +++ b/Shorewall/Macros/macro.Xymon 
@@ -6,6 +6,8 @@ # This macro handles Xymon traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - tcp 1984 diff --git a/Shorewall/Macros/macro.mDNS b/Shorewall/Macros/macro.mDNS index a4fad6e8a..49f9f11c3 100644 --- a/Shorewall/Macros/macro.mDNS +++ b/Shorewall/Macros/macro.mDNS @@ -8,8 +8,10 @@ # This macro handles multicast DNS traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE +# PORT(S) PORT(S) DEST LIMIT PARAM - 224.0.0.251 udp 5353 PARAM - - udp 1024: 5353 PARAM - 224.0.0.251 2 diff --git a/Shorewall/Macros/macro.mDNSbi b/Shorewall/Macros/macro.mDNSbi index adacece4b..3a687b9d4 100644 --- a/Shorewall/Macros/macro.mDNSbi +++ b/Shorewall/Macros/macro.mDNSbi @@ -6,8 +6,10 @@ # This macro handles multicast DNS traffic # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE +# PORT(S) PORT(S) DEST LIMIT PARAM - 224.0.0.251 udp 5353 PARAM - - udp 1024: 5353 PARAM - 224.0.0.251 2 diff --git a/Shorewall/Macros/macro.template b/Shorewall/Macros/macro.template index 9e2ec2199..70e4215cc 100644 --- a/Shorewall/Macros/macro.template +++ b/Shorewall/Macros/macro.template 
@@ -20,20 +20,20 @@ # # /etc/shorewall/macro.FwdFTP: # -# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# # PORT(S) PORT(S) DEST LIMIT GROUP +# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# # PORT(S) PORT(S) DEST LIMIT GROUP # DNAT - - tcp 21 # # /etc/shorewall/rules: # -# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# # PORT(S) PORT(S) DEST LIMIT GROUP +# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# # PORT(S) PORT(S) DEST LIMIT GROUP # FwdFTP net loc:192.168.1.5 # # The result is equivalent to: # -# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# # PORT(S) PORT(S) DEST LIMIT GROUP +# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# # PORT(S) PORT(S) DEST LIMIT GROUP # DNAT net loc:192.168.1.5 tcp 21 # # The substitution rules are as follows: @@ -71,11 +71,13 @@ # Remaining Any value in the rules file REPLACES the value # columns given in the macro file. # -# Multiple parameters may be passed to a macro. Within this file, $1 refers to the first parameter, -# $2 to the second an so on. $1 is a synonym for PARAM but may be used anywhere in the file whereas -# PARAM may only be used in the ACTION column. +# Multiple parameters may be passed to a macro. Within this file, $1 refers +# to the first parameter, $2 to the second an so on. $1 is a synonym for +# PARAM but may be used anywhere in the file whereas PARAM may only be used +# in the ACTION column. # -# You can specify default values for parameters by using DEFAULT or DEFAULTS entry: +# You can specify default values for parameters by using DEFAULT or DEFAULTS +# entry: # # DEFAULTS ,,... # diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 5163f63b4..c5dc63f75 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm 
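Review bot: The reflowed paragraph in the second macro.template hunk carries over the typo `$2 to the second an so on`; since these lines are being rewritten anyway, it should read `$2 to the second and so on`. The sentence after it, `by using DEFAULT or DEFAULTS entry:`, is missing an article and would read better as `by using a DEFAULT or DEFAULTS entry:`. This file is the reference people copy when writing their own macros, so the wording is worth getting right.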
@@ -377,21 +377,20 @@ sub generate_script_3($) { emit ''; + emit ( 'if [ "$COMMAND" = refresh ]; then' , + ' run_refresh_exit' , + 'else' , + ' run_init_exit', + 'fi', + '' ); + load_ipsets; create_nfobjects; + verify_address_variables; + save_dynamic_chains; + mark_firewall_not_started; if ( $family == F_IPV4 ) { - emit ( 'if [ "$COMMAND" = refresh ]; then' , - ' run_refresh_exit' , - 'else' , - ' run_init_exit', - 'fi', - '' ); - - verify_address_variables; - save_dynamic_chains; - mark_firewall_not_started; - emit ( '', 'delete_proxyarp', '' @@ -410,16 +409,15 @@ sub generate_script_3($) { emit "disable_ipv6\n" if $config{DISABLE_IPV6}; } else { - emit ( 'if [ "$COMMAND" = refresh ]; then' , - ' run_refresh_exit' , - 'else' , - ' run_init_exit', - 'fi', - '' ); - - verify_address_variables; - save_dynamic_chains; - mark_firewall_not_started; + if ( have_capability( 'NAT_ENABLED' ) ) { + emit( 'if [ -f ${VARDIR}/nat ]; then', + ' while read external interface; do', + ' del_ip_addr $external $interface', + ' done < ${VARDIR}/nat', + '', + ' rm -f ${VARDIR}/nat', + "fi\n" ); + } emit ('', 'delete_proxyndp', diff --git a/Shorewall6/Macros/macro.Ping b/Shorewall6/Macros/macro.Ping index 0ebfbddc0..c95818f76 100644 --- a/Shorewall6/Macros/macro.Ping +++ b/Shorewall6/Macros/macro.Ping @@ -6,6 +6,8 @@ # This macro handles 'ping' requests. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - ipv6-icmp 128 diff --git a/Shorewall6/Macros/macro.Trcrt b/Shorewall6/Macros/macro.Trcrt index 4a43b3e7e..7e5750b17 100644 --- a/Shorewall6/Macros/macro.Trcrt +++ b/Shorewall6/Macros/macro.Trcrt 
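Review bot: Hoisting the `run_refresh_exit` / `run_init_exit` emit above `load_ipsets` and `create_nfobjects` changes the order of the generated script. In the old code that emit sat inside both family branches and therefore came after those two calls. If `load_ipsets` and `create_nfobjects` emit shell as they appear to, the user's init or refresh extension script now runs before ipsets and nfacct objects are set up, which can break an extension that relies on them. The commit message only mentions a macro format patch, so either keep the emit after `create_nfobjects;` or add a comment such as `# init/refresh exits intentionally run before ipsets are loaded` and note the change in the commit description. The body of `generate_script_3` starts and ends outside this hunk, so the surrounding order could not be checked.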
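Review bot: The shell emitted by the new `NAT_ENABLED` block in the else branch expands values read from `${VARDIR}/nat` without quoting, and it uses `read` without `-r`. A malformed or tampered state file line is therefore word-split, glob-expanded and backslash-processed before it reaches `del_ip_addr`, in a script that runs as root. I would emit `' while read -r external interface; do'` and `' del_ip_addr "$external" "$interface"'`, and quote the path as `"${VARDIR}/nat"` in the test, the redirect and the `rm -f`. The IPv4 branch is mostly outside this hunk; if it already contains the same cleanup, the block could be hoisted above the family test, as was done for the refresh/init emit.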
@@ -6,7 +6,9 @@ # This macro handles Traceroute (for up to 30 hops). # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ +# PORT(S) PORT(S) DEST LIMIT GROUP PARAM - - udp 33434:33524 # UDP Traceroute PARAM - - ipv6-icmp 128 # ICMP Traceroute diff --git a/Shorewall6/Macros/macro.mDNS b/Shorewall6/Macros/macro.mDNS index 45397acf1..45fc31d79 100644 --- a/Shorewall6/Macros/macro.mDNS +++ b/Shorewall6/Macros/macro.mDNS @@ -6,8 +6,10 @@ # This macro handles multicast DNS traffic. # ############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP +?FORMAT 2 +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE +# PORT(S) PORT(S) PARAM - udp 5353 PARAM - - udp 32768: 5353 PARAM - 2