Allow wide MARK values in tcclasses when WIDE_TC_MARKS=Yes

This reverts commit 728ad2fecf.

Samples/one-interface/interfaces

@@ -10,10 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-interfaces"
-#
-# For additional information, see
-# http://shorewall.net/Documentation.htm#Interfaces
-#
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          dhcp,tcpflags,logmartians,nosmurfs

Samples/one-interface/policy

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #-----------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-policy"
-#
-# See http://shorewall.net/Documentation.htm#Policy for additional information.
-#
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 $FW		net		ACCEPT

Samples/one-interface/rules

@@ -10,16 +10,13 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-rules"
-#
-# For more information, see http://www.shorewall.net/Documentation.htm#Zones
-#
 #############################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
 
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 
-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW
 
 # Permit all ICMP traffic FROM the firewall TO the net zone
 

Samples/one-interface/shorewall.conf

@@ -34,9 +34,9 @@ VERBOSITY=1
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -107,7 +107,7 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
 #			F I R E W A L L	  O P T I O N S
 ###############################################################################
 
-IP_FORWARDING=On
+IP_FORWARDING=Off
 
 ADD_IP_ALIASES=Yes
 
@@ -191,6 +191,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/one-interface/zones

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #-----------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-zones"
-#
-# For more information, see http://www.shorewall.net/Documentation.htm#Zones
-#
 ###############################################################################
 #ZONE	TYPE	OPTIONS			IN			OUT
 #					OPTIONS			OPTIONS

Samples/three-interfaces/interfaces

@@ -10,10 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-interfaces"
-#
-# For additional information, see
-# http://shorewall.net/Documentation.htm#Interfaces
-#
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags,dhcp,nosmurfs,routefilter,logmartians

Samples/three-interfaces/masq

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-masq"
-#
-# For additional information, see http://shorewall.net/Documentation.htm#Masq
-#
 ##############################################################################
 #INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
 eth0			10.0.0.0/8,\

Samples/three-interfaces/policy

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-policy"
-#
-# See http://shorewall.net/Documentation.htm#Policy for additional information.
-#
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 

Samples/three-interfaces/routestopped

@@ -10,11 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-routestopped"
-#
-# See http://shorewall.net/Documentation.htm#Routestopped and
-# http://shorewall.net/starting_and_stopping_shorewall.htm for additional
-# information.
-#
 ##############################################################################
 #INTERFACE	HOST(S)
 eth1		-

Samples/three-interfaces/rules

@@ -10,42 +10,39 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-rules"
-#
-# For additional information, see http://shorewall.net/Documentation.htm#Rules
-#
 #############################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
 #
 #	Accept DNS connections from the firewall to the Internet
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #
 #	Accept SSH connections from the local network to the firewall and DMZ
 #
-SSH/ACCEPT      loc             $FW
+SSH(ACCEPT)     loc             $FW
-SSH/ACCEPT      loc             dmz
+SSH(ACCEPT)     loc             dmz
 #
 #	DMZ DNS access to the Internet
 #
-DNS/ACCEPT	dmz		net
+DNS(ACCEPT)	dmz		net
 
 
 # Drop Ping from the "bad" net zone.
 
-Ping/DROP   	net             $FW
+Ping(DROP)   	net             $FW
 
 #
 #       Make ping work bi-directionally between the dmz, net, Firewall and local zone
 #       (assumes that the loc-> net policy is ACCEPT).
 #
 
-Ping/ACCEPT     loc             $FW
+Ping(ACCEPT)    loc             $FW
-Ping/ACCEPT     dmz             $FW
+Ping(ACCEPT)    dmz             $FW
-Ping/ACCEPT     loc             dmz
+Ping(ACCEPT)    loc             dmz
-Ping/ACCEPT     dmz             loc
+Ping(ACCEPT)    dmz             loc
-Ping/ACCEPT     dmz             net
+Ping(ACCEPT)    dmz             net
 
 ACCEPT		$FW		net		icmp
 ACCEPT		$FW		loc		icmp
@@ -54,5 +51,5 @@ ACCEPT		$FW		dmz		icmp
 # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
 # the net zone to the dmz and loc
 
-#Ping/ACCEPT    net             dmz
+#Ping(ACCEPT)    net             dmz
-#Ping/ACCEPT    net             loc
+#Ping(ACCEPT)    net             loc

Samples/three-interfaces/shorewall.conf

@@ -34,9 +34,9 @@ VERBOSITY=1
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -191,6 +191,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/three-interfaces/zones

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-zones"
-#
-# For more information, see http://www.shorewall.net/Documentation.htm#Zones
-#
 ###############################################################################
 #ZONE	TYPE	OPTIONS			IN			OUT
 #					OPTIONS			OPTIONS

Samples/two-interfaces/interfaces

@@ -10,10 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-interfaces"
-#
-# For additional information, see
-# http://shorewall.net/Documentation.htm#Interfaces
-#
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians

Samples/two-interfaces/masq

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-masq"
-#
-# For additional information, see http://shorewall.net/Documentation.htm#Masq
-#
 ###############################################################################
 #INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
 eth0			10.0.0.0/8,\

Samples/two-interfaces/policy

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-policy"
-#
-# See http://shorewall.net/Documentation.htm#Policy for additional information.
-#
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 

Samples/two-interfaces/routestopped

@@ -10,11 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-routestopped"
-#
-# See http://shorewall.net/Documentation.htm#Routestopped and
-# http://shorewall.net/starting_and_stopping_shorewall.htm for additional
-# information.
-#
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-

Samples/two-interfaces/rules

@@ -10,30 +10,27 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-rules"
-#
-# For more information, see http://www.shorewall.net/Documentation.htm#Rules
-#
 #############################################################################################################
 #ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
 #
 #	Accept DNS connections from the firewall to the network
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #	Accept SSH connections from the local network for administration
 #
-SSH/ACCEPT	loc		$FW
+SSH(ACCEPT)	loc		$FW
 #
 #	Allow Ping from the local network
 #
-Ping/ACCEPT	loc		$FW
+Ping(ACCEPT)	loc		$FW
 
 #
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 #
 
-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW
 
 ACCEPT		$FW		loc		icmp
 ACCEPT		$FW		net		icmp

Samples/two-interfaces/shorewall.conf

@@ -41,9 +41,9 @@ SHOREWALL_COMPILER=
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -198,6 +198,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/two-interfaces/zones

@@ -10,9 +10,6 @@
 # See the file README.txt for further details.
 #------------------------------------------------------------------------------
 # For information about entries in this file, type "man shorewall-zones"
-#
-# For more information, see http://www.shorewall.net/Documentation.htm#Zones
-#
 ###############################################################################
 #ZONE	TYPE	OPTIONS			IN			OUT
 #					OPTIONS			OPTIONS

Samples6/one-interface/rules

@@ -16,10 +16,9 @@
 
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 
-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW
 
 # Permit all ICMP traffic FROM the firewall TO the net zone
 
 ACCEPT		$FW		net		ipv6-icmp
 
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/one-interface/shorewall6.conf

@@ -32,9 +32,9 @@ VERBOSITY=1
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall6-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -139,6 +139,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/three-interfaces/rules

@@ -16,33 +16,33 @@
 #
 #	Accept DNS connections from the firewall to the Internet
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #
 #	Accept SSH connections from the local network to the firewall and DMZ
 #
-SSH/ACCEPT      loc             $FW
+SSH(ACCEPT)     loc             $FW
-SSH/ACCEPT      loc             dmz
+SSH(ACCEPT)     loc             dmz
 #
 #	DMZ DNS access to the Internet
 #
-DNS/ACCEPT	dmz		net
+DNS(ACCEPT)	dmz		net
 
 
 # Drop Ping from the "bad" net zone.
 
-Ping/DROP   	net             $FW
+Ping(DROP)   	net             $FW
 
 #
 #       Make ping work bi-directionally between the dmz, net, Firewall and local zone
 #       (assumes that the loc-> net policy is ACCEPT).
 #
 
-Ping/ACCEPT     loc             $FW
+Ping(ACCEPT)    loc             $FW
-Ping/ACCEPT     dmz             $FW
+Ping(ACCEPT)    dmz             $FW
-Ping/ACCEPT     loc             dmz
+Ping(ACCEPT)    loc             dmz
-Ping/ACCEPT     dmz             loc
+Ping(ACCEPT)    dmz             loc
-Ping/ACCEPT     dmz             net
+Ping(ACCEPT)    dmz             net
 
 ACCEPT		$FW		net		ipv6-icmp
 ACCEPT		$FW		loc		ipv6-icmp
@@ -51,6 +51,6 @@ ACCEPT		$FW		dmz		ipv6-icmp
 # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
 # the net zone to the dmz and loc
 
-#Ping/ACCEPT    net             dmz
+#Ping(ACCEPT)    net             dmz
-#Ping/ACCEPT    net             loc
+#Ping(ACCEPT)    net             loc
 

Samples6/three-interfaces/shorewall6.conf

@@ -32,9 +32,9 @@ VERBOSITY=1
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall6-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -139,6 +139,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/two-interfaces/rules

@@ -16,21 +16,21 @@
 #
 #	Accept DNS connections from the firewall to the network
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #	Accept SSH connections from the local network for administration
 #
-SSH/ACCEPT	loc		$FW
+SSH(ACCEPT)	loc		$FW
 #
 #	Allow Ping from the local network
 #
-Ping/ACCEPT	loc		$FW
+Ping(ACCEPT)	loc		$FW
 
 #
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 #
 
-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW
 
 ACCEPT		$FW		loc		ipv6-icmp
 ACCEPT		$FW		net		ipv6-icmp

Samples6/two-interfaces/shorewall6.conf

@@ -32,9 +32,9 @@ VERBOSITY=1
 
 LOGFILE=/var/log/messages
 
-STARTUP_LOG=
+STARTUP_LOG=/var/log/shorewall6-init.log
 
-LOG_VERBOSITY=
+LOG_VERBOSITY=2
 
 LOGFORMAT="Shorewall:%s:%s:"
 
@@ -139,6 +139,10 @@ AUTOMAKE=No
 
 WIDE_TC_MARKS=Yes
 
+TRACK_PROVIDERS=Yes
+
+ZONE2ZONE=2
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Shorewall-lite/default.debian

@@ -21,4 +21,9 @@ startup=0
 
 OPTIONS=""
 
+#
+# Init Log -- if /dev/null, use the STARTUP_LOG defined in shorewall.conf
+#
+INITLOG=/dev/null
+
 # EOF

Shorewall-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.0-RC2
+VERSION=4.4.4
 
 usage() # $1 = exit status
 {

Shorewall-lite/init.debian.sh

@@ -15,9 +15,7 @@
 
 SRWL=/sbin/shorewall-lite
 SRWL_OPTS="-tvv"
-# Note, set INITLOG to /dev/null if you do not want to
+test -n ${INITLOG:=/var/log/shorewall-lite-init.log}
-# keep logs of the firewall (not recommended)
-INITLOG=/var/log/shorewall-lite-init.log
 
 [ "$INITLOG" eq "/dev/null" && SHOREWALL_INIT_SCRIPT=1 || SHOREWALL_INIT_SCRIPT=0
 
@@ -25,7 +23,7 @@ export SHOREWALL_INIT_SCRIPT
 
 test -x $SRWL || exit 0
 test -x $WAIT_FOR_IFUP || exit 0
-test -n $INITLOG || {
+test -n "$INITLOG" || {
 	echo "INITLOG cannot be empty, please configure $0" ; 
 	exit 1;
 }

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.0-RC2
+VERSION=4.4.4
 
 usage() # $1 = exit status
 {
@@ -220,6 +220,11 @@ mkdir -p ${PREFIX}/var/lib/shorewall-lite
 chmod 755 ${PREFIX}/etc/shorewall-lite
 chmod 755 ${PREFIX}/usr/share/shorewall-lite
 
+if [ -n "$PREFIX" ]; then
+    mkdir -p ${PREFIX}/etc/logrotate.d
+    chmod 755 ${PREFIX}/etc/logrotate.d
+fi
+
 #
 # Install the config file
 #
@@ -304,6 +309,12 @@ cd ..
 
 echo "Man Pages Installed"
 
+if [ -d ${PREFIX}/etc/logrotate.d ]; then
+    run_install $OWNERSHIP -m 0644 logrotate ${PREFIX}/etc/logrotate.d/shorewall-lite
+    echo "Logrotate file installed as ${PREFIX}/etc/logrotate.d/shorewall-lite"
+fi
+
+
 #
 # Create the version file
 #

Shorewall-lite/logrotate

@@ -0,0 +1,5 @@
+/var/log/shorewall-init.log {
+  missingok
+  notifempty
+  create 0600 root root
+}

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
-%define version 4.4.0
+%define version 4.4.4
-%define release 0RC2
+%define release 0base
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -79,6 +79,8 @@ fi
 %attr(0755,root,root) %dir /usr/share/shorewall-lite
 %attr(0700,root,root) %dir /var/lib/shorewall-lite
 
+%attr(0644,root,root) /etc/logrotate.d/shorewall-lite
+
 %attr(0755,root,root) /sbin/shorewall-lite
 
 %attr(0644,root,root) /usr/share/shorewall-lite/version
@@ -98,6 +100,22 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.4-0base
+* Fri Nov 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.4-0Beta2
+* Wed Nov 11 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.4-0Beta1
+* Tue Nov 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.3-0base
+* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-0base
+* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-0base
+* Fri Aug 14 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.1-0base
+* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0base
 * Tue Jul 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0RC2
 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.0-RC2
+VERSION=4.4.4
 
 usage() # $1 = exit status
 {

Shorewall/Macros/macro.AllowICMPs

@@ -13,4 +13,3 @@ COMMENT Needed ICMP types
 
 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Amanda

@@ -18,4 +18,3 @@ PARAM	-	-	udp	10080
 # systems which need to pass AMANDA traffic through netfilter.
 #PARAM	-	-	tcp	50000:50100
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Auth

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	113
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.BGP

@@ -9,4 +9,3 @@
 #ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
 #                               PORT(S) PORT(S) LIMIT   GROUP
 PARAM   -       -       tcp     179     				# BGP4
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.BitTorrent

@@ -16,4 +16,3 @@ PARAM	-	-	tcp	6881:6889
 #
 PARAM	-	-	udp	6881
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.BitTorrent32

@@ -14,4 +14,3 @@ PARAM	-	-	tcp	6881:6999
 #
 PARAM	-	-	udp	6881
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.CVS

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2401
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Citrix

@@ -11,4 +11,3 @@
 PARAM   -       -       tcp     1494 				   # ICA
 PARAM   -       -       udp     1604    			   # ICA Browser
 PARAM   -       -       tcp     2598    			   # CGP Session Reliabilty
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.DAAP

@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.DCC

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6277
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.DNS

@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Distcc

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3632
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Drop

@@ -50,4 +50,3 @@ dropNotSyn
 # the log.
 #
 DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.DropDNSrep

@@ -12,4 +12,3 @@
 COMMENT Late DNS Replies
 
 DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.DropUPnP

@@ -12,4 +12,3 @@
 COMMENT UPnP
 
 DROP	-	-	udp	1900
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Edonkey

@@ -32,4 +32,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.FTP

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	21
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Finger

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	79
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.GNUnet

@@ -12,4 +12,3 @@ PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
 PARAM	-	-	udp	1080
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.GRE

@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Git

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9418
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Gnutella

@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.HTTP

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	80
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.HTTPS

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	443
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.ICQ

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5190
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IMAP

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	143
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IMAPS

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	993
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPIP

@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPP

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPPbrd

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPPserver

@@ -27,4 +27,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPsec

@@ -12,4 +12,3 @@ PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
 PARAM	DEST	SOURCE	50			# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPsecah

@@ -13,4 +13,3 @@ PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
 PARAM	DEST	SOURCE	51			# AH
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IPsecnat

@@ -14,4 +14,3 @@ PARAM	-	-	50		# ESP
 PARAM	DEST	SOURCE	udp	500	# IKE
 PARAM	DEST	SOURCE	udp	4500	# NAT-T
 PARAM	DEST	SOURCE	50		# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.IRC

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6667
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.JAP

@@ -15,4 +15,3 @@ PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
 HTTPS/PARAM
 SSH/PARAM
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.JabberPlain

@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5222
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.JabberSecure

@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5223
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Jabberd

@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5269
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Jetdirect

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9100
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.L2TP

@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.LDAP

@@ -14,4 +14,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.LDAPS

@@ -14,4 +14,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	636
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.MySQL

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3306
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.NNTP

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	119
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.NNTPS

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	563
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.NTP

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.NTPbi

@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	123
 PARAM	DEST	SOURCE	udp	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.NTPbrd

@@ -15,4 +15,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-		-		udp	123
 PARAM	-		-		udp	1024:	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.OSPF

@@ -9,4 +9,3 @@
 #ACTION         SOURCE          DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/   ORIGINAL
 #                                               PORT(S) PORT(S) DEST            LIMIT   GROUP   DEST
 PARAM           -               -       89      -                                                       # OSPF
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.OpenVPN

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	1194
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.PCA

@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.POP3

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	110
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.POP3S

@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	995	# Secure POP3
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.PPtP

@@ -11,4 +11,3 @@
 PARAM	-	-	47
 PARAM	DEST	SOURCE	47
 PARAM	-	-	tcp	1723
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Ping

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	icmp	8
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.PostgreSQL

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5432
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Printer

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	515
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.RDP

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.RIPbi

@@ -10,5 +10,4 @@
 #                               PORT(S) PORT(S) LIMIT   GROUP
 PARAM   -       -       udp	520
 PARAM   DEST    SOURCE  udp	520
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
 

Shorewall/Macros/macro.RNDC

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	953
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Razor

@@ -9,4 +9,3 @@
 #ACTION         SOURCE          DEST    PROTO   DEST    SOURCE  RATE    USER/
 #                                               PORT(S) PORT(S) LIMIT   GROUP
 ACCEPT          -               -       tcp     2703
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Rdate

@@ -13,4 +13,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	37
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Reject

@@ -51,4 +51,3 @@ dropNotSyn
 # the log.
 #
 DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Rfc1918

@@ -11,4 +11,3 @@ FORMAT 2
 PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
 				DEST	-	-	-	-	-	-
 PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.Rsync

@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	873
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.SANE

@@ -20,4 +20,3 @@ PARAM	-	-	tcp	6566
 #PARAM	-	-	tcp	32768:61000
 # This is generic rule for any os running saned.
 #PARAM	-	-	tcp	1024:
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/Macros/macro.SMB

@@ -16,4 +16,3 @@ PARAM	-	-	udp	135,445
 PARAM	-	-	udp	137:139
 PARAM	-	-	udp	1024:	137
 PARAM	-	-	tcp	135,139,445
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE