Update migration issues document for 4.6.0

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/configure

@@ -1,16 +1,17 @@
 #!/bin/bash
 #
-#     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
+#     Shorewall Packet Filtering Firewall RPM configuration program - V4.6
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2012,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,8 +19,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure [ <option>=<setting> ] ...
 #

Shorewall-core/configure.pl

@@ -2,15 +2,16 @@
 #
 #     Shorewall Packet Filtering Firewall RPM configuration program - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,8 +19,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       Usage: ./configure.pl <option>=<setting> ...
 #

Shorewall-core/install.sh

@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 
 VERSION=xxx #The Build script inserts the actual version

Shorewall-core/lib.base

@@ -1,15 +1,16 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 1999-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,8 +18,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components except the
 # generated scripts.

Shorewall-core/lib.cli

@@ -1,15 +1,16 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 1999-2013 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,15 +18,14 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the command processing code common to /sbin/shorewall[6] and
 # /sbin/shorewall[6]-lite. In Shorewall and Shorewall6, the lib.cli-std library is 
 # loaded after this one and replaces some of the functions declared here.
 #
 
-SHOREWALL_CAPVERSION=40515
+SHOREWALL_CAPVERSION=40600
 
 [ -n "${g_program:=shorewall}" ]
 
@@ -1546,7 +1546,7 @@ do_dump_command() {
 }
 
 dump_command() {
-    do_dump_command | dump_filter
+    do_dump_command $@ | dump_filter
 }
 
 #
@@ -1896,6 +1896,8 @@ add_command() {
 		ipset=6_${zone}_${interface};
 	    fi
 
+	    ipset=$(echo $ipset | sed 's/./_/g');
+
 	    if ! qt $IPSET -L $ipset; then
 		fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
 	    fi
@@ -1984,6 +1986,8 @@ delete_command() {
 		ipset=6_${zone}_${interface};
 	    fi
 
+	    ipset=$(echo $ipset | sed 's/./_/g');
+
 	    if ! qt $IPSET -L $ipset -n; then
 		fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
 	    fi
@@ -2265,6 +2269,8 @@ determine_capabilities() {
     OWNER_NAME_MATCH=
     IPSET_MATCH=
     OLD_IPSET_MATCH=
+    IPSET_MATCH_NOMATCH=
+    IPSET_MATCH_COUNTERS=
     IPSET_V5=
     CONNMARK=
     XCONNMARK=
@@ -2309,6 +2315,7 @@ determine_capabilities() {
     CONDITION_MATCH=
     IPTABLES_S=
     BASIC_FILTER=
+    BASIC_EMATCH=
     CT_TARGET=
     STATISTIC_MATCH=
     IMQ_TARGET=
@@ -2552,6 +2559,8 @@ determine_capabilities() {
 
 	    if [ -n "$have_ipset" ]; then
 		if qt $g_tool -A $chain -m set --match-set $chain src -j ACCEPT; then
+		    qt $g_tool -A $chain -m set --match-set $chain src --return-nomatch  -j ACCEPT && IPSET_MATCH_NOMATCH=Yes
+		    qt $g_tool -A $chain -m set --match-set $chain src --packets-lt 100  -j ACCEPT && IPSET_MATCH_COUNTERS=Yes
 		    qt $g_tool -F $chain
 		    IPSET_MATCH=Yes
 		elif qt $g_tool -A $chain -m set --set $chain src -j ACCEPT; then
@@ -2635,8 +2644,15 @@ determine_capabilities() {
     qt $g_tool -F $chain1
     qt $g_tool -X $chain1
 
-    [ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
+    if [ -n "$TC" ]; then
-    [ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes
+	$TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
+
+	if $TC filter add basic help 2>&1 | grep -q ^Usage; then
+	    BASIC_FILTER=Yes
+	    $TC filter add basic help 2>&1 | egrep -q match && BASIC_EMATCH=Yes
+	fi
+    fi
+
     [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
 
     CAPVERSION=$SHOREWALL_CAPVERSION
@@ -2681,12 +2697,14 @@ report_capabilities_unsorted() {
     report_capability "Packet length Match (LENGTH_MATCH)" $LENGTH_MATCH
     report_capability "IP range Match(IPRANGE_MATCH)" $IPRANGE_MATCH
     report_capability "Recent Match (RECENT_MATCH)" $RECENT_MATCH
-    [ -n "$RECENT_MATCH" ] && report_capability 'Recent Match "--reap" option (REAP_OPTION)'
+    [ -n "$RECENT_MATCH" ] && report_capability 'Recent Match "--reap" option (REAP_OPTION)' $REAP_OPTION
     report_capability "Owner Match (OWNER_MATCH)" $OWNER_MATCH
     report_capability "Owner Name Match (OWNER_NAME_MATCH)" $OWNER_NAME_MATCH
     if [ -n "$IPSET_MATCH" ]; then
 	report_capability "Ipset Match (IPSET_MATCH)" $IPSET_MATCH
-	[ -n "$OLD_IPSET_MATCH" ] && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)" $OLD_IPSET_MATCH
+	[ -n "$OLD_IPSET_MATCH" ]     && report_capability "OLD_Ipset Match (OLD_IPSET_MATCH)"           $OLD_IPSET_MATCH
+	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Nomatch (IPSET_MATCH_NOMATCH)"   $IPSET_MATCH_NOMATCH
+	[ -n "$IPSET_MATCH_NOMATCH" ] && report_capability "Ipset Match Counters (IPSET_MATCH_COUNTERS)" $IPSET_MATCH_COUNTERS
     fi
     report_capability "CONNMARK Target (CONNMARK)" $CONNMARK
     [ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target (XCONNMARK)" $XCONNMARK
@@ -2765,6 +2783,7 @@ report_capabilities_unsorted() {
     fi
 
     report_capability "Basic Filter (BASIC_FILTER)" $BASIC_FILTER
+    report_capability "Basic Ematch (BASIC_EMATCH)" $BASIC_EMATCH
     report_capability "CT Target (CT_TARGET)" $CT_TARGET
 
     echo "   Kernel Version (KERNELVERSION): $KERNELVERSION"
@@ -2808,6 +2827,8 @@ report_capabilities_unsorted1() {
     report_capability1 OWNER_NAME_MATCH
     report_capability1 IPSET_MATCH
     report_capability1 OLD_IPSET_MATCH
+    report_capability1 IPSET_MATCH_NOMATCH
+    report_capability1 IPSET_MATCH_COUNTERS
     report_capability1 CONNMARK
     report_capability1 XCONNMARK
     report_capability1 CONNMARK_MATCH
@@ -2851,6 +2872,7 @@ report_capabilities_unsorted1() {
     report_capability1 CONDITION_MATCH
     report_capability1 IPTABLES_S
     report_capability1 BASIC_FILTER
+    report_capability1 BASIC_EMATCH
     report_capability1 CT_TARGET
     report_capability1 STATISTIC_MATCH
     report_capability1 IMQ_TARGET
@@ -2913,11 +2935,11 @@ show_status() {
     fi
 
     if [ $VERBOSITY -ge 1 ]; then 
-	echo "State:$state"
 	if [ -f $g_firewall ]; then
-	    echo $g_echo_n "$g_firewall was compiled by Shorewall version "
+	    state="$state ($g_firewall compiled by Shorewall version $($g_firewall version))"
-	    $g_firewall version
 	fi
+	echo "State:$state"
+	echo
     fi
 
 }
@@ -2925,7 +2947,6 @@ show_status() {
 status_command() {
     [ $VERBOSITY -ge 1 ] && echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)" && echo
     show_status
-    [ $VERBOSITY -ge 1 ] && echo
     exit $status
 }
 
@@ -3415,7 +3436,7 @@ usage() # $1 = exit status
     echo "   delete <interface>[:<host-list>] ... <zone>"
     echo "   disable <interface>"
     echo "   drop <address> ..."
-    echo "   dump [ -x ]"
+    echo "   dump [ -x ] [ -l ] [ -m ]"
     echo "   enable <interface>"
     echo "   forget [ <file name> ]"
     echo "   help"
@@ -3508,6 +3529,7 @@ shorewall_cli() {
     g_doing="Compiling"
     g_directives=
     g_inline=
+    g_tcrules=
 
     VERBOSE=
     VERBOSITY=1

Shorewall-core/lib.common

@@ -1,15 +1,16 @@
 #
 # Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2010-2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,8 +18,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # The purpose of this library is to hold those functions used by both the CLI and by the
 # generated firewall scripts. To avoid versioning issues, it is copied into generated

Shorewall-core/uninstall.sh

@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #

Shorewall-core/wait4ifup

@@ -2,17 +2,18 @@
 #
 #     Shorewall interface helper utility - V4.2
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2007,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2007 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file is installed in /usr/share/shorewall/wait4ifup
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,8 +21,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.

Shorewall-init/init.sh

@@ -1,22 +1,24 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
-#       Complete documentation is available at http://shorewall.net
+#       This program is part of Shorewall.
 #
-#       This program is free software; you can redistribute it and/or modify
+#	This program is free software; you can redistribute it and/or modify
-#       it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#       as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is distributed in the hope that it will be useful,
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#       GNU General Public License for more details.
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software

Shorewall-init/install.sh

@@ -2,21 +2,25 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #       You should have received a copy of the GNU General Public License
 #       along with this program; if not, write to the Free Software
@@ -318,7 +322,7 @@ fi
 if [ -n "$SYSTEMD" ]; then
     mkdir -p ${DESTDIR}${SYSTEMD}
     [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 600 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
     [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
     echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
     if [ -n "$DESTDIR" ]; then

Shorewall-init/shorewall-init

@@ -1,26 +1,26 @@
 #! /bin/bash
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2012 - Tom Eastep (teastep@shorewall.net)
 #
 #       On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #       Complete documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################################
 # set the STATEDIR variable

Shorewall-init/uninstall.sh

@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #

Shorewall-lite/init.sh

@@ -3,17 +3,18 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
 #
 #	On most distributions, this file should be called /etc/init.d/shorewall.
 #
 #	Complete documentation is available at http://shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,8 +22,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #	If an error occurs while starting or restarting the firewall, the
 #	firewall is automatically stopped.

Shorewall-lite/install.sh

@@ -2,24 +2,24 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 
 VERSION=xxx #The Build script inserts the actual version
@@ -383,7 +383,7 @@ fi
 if [ -n "$SYSTEMD" ]; then
     mkdir -p ${DESTDIR}${SYSTEMD}
     [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 600 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
     [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
     echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
 fi

Shorewall-lite/lib.base

@@ -1,15 +1,16 @@
 #
 # Shorewall 4.4 -- /usr/share/shorewall-lite/lib.base
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2011,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2011 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
-#	This program is free software; you can redisribute it and/or modify
+#       This program is part of Shorewall.
-#	it under the terms of Version 2 of the GNU General Public License
+#
-#	as published by the Free Software Foundation.
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,8 +18,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # This library contains the code common to all Shorewall components.
 

Shorewall-lite/manpages/shorewall-lite-vardir.xml

@@ -6,6 +6,8 @@
     <refentrytitle>shorewall-lite-vardir</refentrytitle>
 
     <manvolnum>5</manvolnum>
+
+    <refmiscinfo>Configuration Files</refmiscinfo>
   </refmeta>
 
   <refnamediv>
@@ -54,7 +56,7 @@
         /opt/var/lib/shorewall-lite/.</para>
       </blockquote>
 
-      <para> When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
+      <para>When VARDIR is set in /etc/shorewall-lite/vardir, Shorewall Lite
       will save its state in the <replaceable>directory</replaceable>
       specified.</para>
     </note>

Shorewall-lite/manpages/shorewall-lite.conf.xml

@@ -6,6 +6,8 @@
     <refentrytitle>shorewall-lite.conf</refentrytitle>
 
     <manvolnum>5</manvolnum>
+
+    <refmiscinfo>Configuration Files</refmiscinfo>
   </refmeta>
 
   <refnamediv>

Shorewall-lite/manpages/shorewall-lite.xml

@@ -6,6 +6,8 @@
     <refentrytitle>shorewall-lite</refentrytitle>
 
     <manvolnum>8</manvolnum>
+
+    <refmiscinfo>Administrative Commands</refmiscinfo>
   </refmeta>
 
   <refnamediv>

Shorewall-lite/shorecap

@@ -2,17 +2,18 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Capabilities Detector
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
 #
 #	This file should be placed in /sbin/shorewall.
 #
 #	Shorewall documentation is available at http://shorewall.sourceforge.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,9 +21,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
 #
 #   This program may be used to create a /etc/shorewall/capabilities file for
 #   use in compiling Shorewall firewalls on another system.

Shorewall-lite/shorewall-lite

@@ -2,16 +2,17 @@
 #
 #     Shorewall Lite Packet Filtering Firewall Control Program - V4.5
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014 -
-#
-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 -
 #         Tom Eastep (teastep@shorewall.net)
 #
 #	Shorewall documentation is available at http://www.shorewall.net
 #
+#       This program is part of Shorewall.
+#
 #	This program is free software; you can redistribute it and/or modify
-#	it under the terms of Version 2 of the GNU General Public License
+#	it under the terms of the GNU General Public License as published by the
-#	as published by the Free Software Foundation.
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
 #
 #	This program is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,8 +20,7 @@
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with this program; if not, write to the Free Software
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
-#	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 #       For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
 #

Shorewall-lite/uninstall.sh

@@ -2,24 +2,24 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
-#
-#     (c) 2000-2011 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
-#       This program is free software; you can redistribute it and/or modify
+#       This program is part of Shorewall.
-#       it under the terms of Version 2 of the GNU General Public License
-#       as published by the Free Software Foundation.
 #
-#       This program is distributed in the hope that it will be useful,
+#	This program is free software; you can redistribute it and/or modify
-#       but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	it under the terms of the GNU General Public License as published by the
-#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#       Free Software Foundation, either version 2 of the license or, at your
-#       GNU General Public License for more details.
+#       option, any later version.
 #
-#       You should have received a copy of the GNU General Public License
+#	This program is distributed in the hope that it will be useful,
-#       along with this program; if not, write to the Free Software
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
-#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 #    Usage:
 #

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,13 +1,15 @@
 #
 # Shorewall version 4 - Audited AllowICMPs Macro
 #
-# /usr/share/shorewall/macro.AAllowICMPs
+# /usr/share/shorewall/macro.A_AllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#					PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,13 +1,15 @@
 #
 # Shorewall version 4 - Audited DropDNSrep Macro
 #
-# /usr/share/shorewall/macro.ADropDNSrep
+# /usr/share/shorewall/macro.A_DropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.A_DropUPnP

@@ -1,13 +1,15 @@
 #
 # Shorewall version 4 - ADropUPnP Macro
 #
-# /usr/share/shorewall/macro.ADropUPnP
+# /usr/share/shorewall/macro.A_DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.AllowICMPs

@@ -6,8 +6,10 @@
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.Amanda

@@ -9,8 +9,9 @@
 #
 ###############################################################################
 ?FORMAT 2
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+###############################################################################
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
  PARAM	-	-	udp	10080 ; helper=amanda

Shorewall/Macros/macro.Auth

@@ -6,6 +6,8 @@
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113

Shorewall/Macros/macro.BGP

@@ -6,6 +6,8 @@
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S) PORT(S) LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4

Shorewall/Macros/macro.BLACKLIST

@@ -6,8 +6,10 @@
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else

Shorewall/Macros/macro.BitTorrent

@@ -7,9 +7,12 @@
 #
 #	If you are running BitTorrent 3.2 or later, you should use the
 #	BitTorrent32 macro.
+#
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:

Shorewall/Macros/macro.BitTorrent32

@@ -6,8 +6,10 @@
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:

Shorewall/Macros/macro.CVS

@@ -6,6 +6,8 @@
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401

Shorewall/Macros/macro.Citrix

@@ -6,9 +6,11 @@
 #	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
 #	ICA Session Reliability)
 #
-####################################################################################
+###############################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S) PORT(S) LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty

Shorewall/Macros/macro.DAAP

@@ -7,7 +7,9 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689

Shorewall/Macros/macro.DCC

@@ -7,6 +7,8 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277

Shorewall/Macros/macro.DHCPfwd

@@ -6,7 +6,9 @@
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S) PORT(S) LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP

Shorewall/Macros/macro.DNS

@@ -6,7 +6,9 @@
 #	This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53

Shorewall/Macros/macro.Distcc

@@ -6,6 +6,8 @@
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632

Shorewall/Macros/macro.Drop

@@ -11,12 +11,14 @@
 #		Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
-# Don't log 'auth' REJECT
+# Don't log 'auth' DROP
 #
-REJECT	-	-	tcp	113
+DROP	-	-	tcp	113
 #
 # Drop Broadcasts so they don't clutter up the log
 # (broadcasts must *not* be rejected).

Shorewall/Macros/macro.DropDNSrep

@@ -6,8 +6,10 @@
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.DropUPnP

@@ -6,8 +6,10 @@
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.Edonkey

@@ -28,7 +28,9 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665

Shorewall/Macros/macro.FTP

@@ -7,8 +7,9 @@
 #
 ###############################################################################
 ?FORMAT 2
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+###############################################################################
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
  PARAM	-	-	tcp	21 ; helper=ftp
 ?else

Shorewall/Macros/macro.Finger

@@ -7,6 +7,8 @@
 #	your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79

Shorewall/Macros/macro.GNUnet

@@ -6,8 +6,10 @@
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080

Shorewall/Macros/macro.GRE

@@ -7,7 +7,9 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE

Shorewall/Macros/macro.Git

@@ -6,6 +6,8 @@
 #	This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418

Shorewall/Macros/macro.Gnutella

@@ -6,7 +6,9 @@
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346

Shorewall/Macros/macro.HKP

@@ -6,6 +6,8 @@
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371

Shorewall/Macros/macro.HTTP

@@ -6,6 +6,8 @@
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80

Shorewall/Macros/macro.HTTPS

@@ -6,6 +6,8 @@
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443

Shorewall/Macros/macro.ICPV2

@@ -6,6 +6,8 @@
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130

Shorewall/Macros/macro.ICQ

@@ -6,6 +6,8 @@
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190

Shorewall/Macros/macro.IMAP

@@ -7,6 +7,8 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143

Shorewall/Macros/macro.IMAPS

@@ -7,6 +7,8 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993

Shorewall/Macros/macro.IPIP

@@ -6,7 +6,9 @@
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP

Shorewall/Macros/macro.IPP

@@ -6,6 +6,8 @@
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631

Shorewall/Macros/macro.IPPbrd

@@ -6,7 +6,10 @@
 #	This macro handles Internet Printing Protocol (IPP) broadcasts.
 #       If you also need to handle TCP 631 connections in the opposite
 #       direction, use the IPPserver Macro
+#
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631

Shorewall/Macros/macro.IPPserver

@@ -23,7 +23,9 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631

Shorewall/Macros/macro.IPsec

@@ -6,8 +6,10 @@
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecah

@@ -7,8 +7,10 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecnat

@@ -6,8 +6,10 @@
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP

Shorewall/Macros/macro.IRC

@@ -7,8 +7,9 @@
 #
 ###############################################################################
 ?FORMAT 2
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+###############################################################################
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
  PARAM	-	-	tcp	6667 ; helper=irc

Shorewall/Macros/macro.JAP

@@ -8,8 +8,10 @@
 #	to browse anonymously!
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port

Shorewall/Macros/macro.JabberPlain

@@ -6,6 +6,8 @@
 #	This macro accepts Jabber traffic (plaintext).
 #
 ###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222

Shorewall/Macros/macro.JabberSecure

@@ -6,6 +6,8 @@
 #	This macro accepts Jabber traffic (ssl).
 #
 ###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223

Shorewall/Macros/macro.Jabberd

@@ -6,6 +6,8 @@
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
-#TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269

Shorewall/Macros/macro.Jetdirect

@@ -6,6 +6,8 @@
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100

Shorewall/Macros/macro.Kerberos

@@ -6,7 +6,9 @@
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88

Shorewall/Macros/macro.L2TP

@@ -7,7 +7,9 @@
 #	(RFC 2661)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP

Shorewall/Macros/macro.LDAP

@@ -11,6 +11,8 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	389

Shorewall/Macros/macro.LDAPS

@@ -11,6 +11,8 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	636

Shorewall/Macros/macro.MSNP

@@ -6,6 +6,8 @@
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1863

Shorewall/Macros/macro.MSSQL

@@ -6,6 +6,8 @@
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1433

Shorewall/Macros/macro.Mail

@@ -12,8 +12,10 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	25
 PARAM	-	-	tcp	465
 PARAM	-	-	tcp	587

Shorewall/Macros/macro.Munin

@@ -6,6 +6,8 @@
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4949

Shorewall/Macros/macro.MySQL

@@ -6,6 +6,8 @@
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3306

Shorewall/Macros/macro.NNTP

@@ -7,6 +7,8 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	119

Shorewall/Macros/macro.NNTPS

@@ -7,6 +7,8 @@
 #	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	563

Shorewall/Macros/macro.NTP

@@ -7,6 +7,8 @@
 #	For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123

Shorewall/Macros/macro.NTPbi

@@ -6,7 +6,9 @@
 #        This macro handles  bi-directional NTP (for NTP peers)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123
 PARAM	DEST	SOURCE	udp	123

Shorewall/Macros/macro.NTPbrd

@@ -11,7 +11,9 @@
 #	Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-		-		udp	123
 PARAM	-		-		udp	1024:	123

Shorewall/Macros/macro.OSPF

@@ -6,6 +6,8 @@
 #	This macro handles OSPF multicast traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	89	# OSPF

Shorewall/Macros/macro.OpenVPN

@@ -6,6 +6,8 @@
 #	This macro handles OpenVPN traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1194

Shorewall/Macros/macro.PCA

@@ -6,7 +6,9 @@
 #	This macro handles PCAnywere (tm)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631

Shorewall/Macros/macro.POP3

@@ -7,6 +7,8 @@
 #	see macro.POP3S.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	110

Shorewall/Macros/macro.POP3S

@@ -7,6 +7,8 @@
 #	see macro.POP3.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	995	# Secure POP3

Shorewall/Macros/macro.PPtP

@@ -7,8 +7,9 @@
 #
 ###############################################################################
 ?FORMAT 2
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+###############################################################################
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47
 PARAM	DEST	SOURCE	47
 

Shorewall/Macros/macro.Ping

@@ -6,6 +6,8 @@
 #	This macro handles 'ping' requests.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	icmp	8

Shorewall/Macros/macro.PostgreSQL

@@ -6,6 +6,8 @@
 #	This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5432

Shorewall/Macros/macro.Printer

@@ -6,6 +6,8 @@
 #	This macro handles Line Printer protocol printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	515

Shorewall/Macros/macro.Puppet

@@ -7,6 +7,8 @@
 #	management system.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8140

Shorewall/Macros/macro.RDP

@@ -6,6 +6,8 @@
 #	This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3389

Shorewall/Macros/macro.RIPbi

@@ -6,8 +6,9 @@
 #        This macro handles RIP (Routing Information Protocol) - bidirectional
 #
 ###############################################################################
-#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+?FORMAT 2
-#                               PORT(S) PORT(S) LIMIT   GROUP
+###############################################################################
-PARAM   -       -       udp	520
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-PARAM   DEST    SOURCE  udp	520
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-
+PARAM	-	-	udp	520
+PARAM	DEST	SOURCE	udp	520

Shorewall/Macros/macro.RNDC

@@ -6,6 +6,8 @@
 #	This macro handles RNDC (BIND remote management protocol) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	953

Shorewall/Macros/macro.Razor

@@ -6,6 +6,8 @@
 #	This macro handles traffic for the Razor Antispam System
 #
 ###############################################################################
-#ACTION         SOURCE          DEST    PROTO   DEST    SOURCE  RATE    USER/
+?FORMAT 2
-#                                               PORT(S) PORT(S) LIMIT   GROUP
+###############################################################################
-ACCEPT          -               -       tcp     2703
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+ACCEPT	-	-	tcp	2703

Shorewall/Macros/macro.Rdate

@@ -10,6 +10,8 @@
 #	use Time macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	37

Shorewall/Macros/macro.Reject

@@ -12,8 +12,10 @@
 #
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #
 # Don't log 'auth' REJECT
 #

Shorewall/Macros/macro.Rfc1918

@@ -3,11 +3,14 @@
 #
 # /usr/share/shorewall/macro.Rfc1918
 #
-#	This macro handles pkts with a SOURCE or ORIGINAL DEST address reserved by RFC 1918
+#	This macro handles pkts with a SOURCE or ORIGINAL DEST address
+#	reserved by RFC 1918
+#
 #############################################################################################
-#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
-#						PORT(S)	PORT(S)	DEST		LIMIT	GROUP
 ?FORMAT 2
+#############################################################################################
+#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#						PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
-				DEST	-	-	-	-	-	-
+				DEST
 PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

Shorewall/Macros/macro.Rsync

@@ -6,6 +6,8 @@
 #	This macro handles connections to the rsync server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+?FORMAT 2
-#				PORT(S)	PORT(S)	LIMIT	GROUP
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
+#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	873