Delete main default routes when there are 'load=' or 'fallback=' interfaces

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/INSTALL

@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 
 -----------------------------------------------------------------------------

Shorewall-core/configure

@@ -28,7 +28,7 @@
 #
 # Build updates this
 #
-VERSION=4.6.12
+VERSION=4.5.2.1
 
 case "$BASH_VERSION" in
     [4-9].*)

Shorewall-core/configure.pl

@@ -31,7 +31,7 @@ use strict;
 # Build updates this
 #
 use constant {
-    VERSION => '4.6.12'
+    VERSION => '4.5.2.1'
 };
 
 my %params;

Shorewall-core/lib.base

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.base
+# Shorewall 4.5 -- /usr/share/shorewall/lib.base
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #

Shorewall-core/lib.cli

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.cli.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
 #
-#     (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -388,7 +388,8 @@ do_save() {
     status=0
 
     if [ -f ${VARDIR}/firewall ]; then
-	if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+	if [ -n "$WORKAROUNDS" ]; then
+	    if $iptables_save | iptablesbug | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
 		cp -f ${VARDIR}/firewall $g_restorepath
 		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
 		chmod +x $g_restorepath
@@ -399,6 +400,19 @@ do_save() {
 		echo "   ERROR: Currently-running Configuration Not Saved" >&2
 		status=1
 	    fi
+	else
+	    if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
+		cp -f ${VARDIR}/firewall $g_restorepath
+		mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
+		chmod +x $g_restorepath
+		echo "   Currently-running Configuration Saved to $g_restorepath"
+		run_user_exit save
+	    else
+		rm -f ${VARDIR}/restore-$$
+		echo "   ERROR: Currently-running Configuration Not Saved" >&2
+		status=1
+	    fi
+	fi
     else
 	echo "   ERROR: ${VARDIR}/firewall does not exist" >&2
 	status=1
@@ -409,6 +423,18 @@ do_save() {
 	    resolve_arptables
 
 	    if [ -n "$arptables" ]; then
+		if [ -n "$WORKAROUNDS" ]; then
+	            #
+	            # 'sed' command is a hack to work around broken arptables_jf
+	            #
+		    if ${arptables}-save | sed 's/-p[[:space:]]\+0\([[:digit:]]\)00\/ffff/-p 000\1\/ffff/' > ${VARDIR}/restore-$$; then
+			if grep -q '^-A' ${VARDIR}/restore-$$; then
+			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
+			else
+			    rm -f ${VARDIR}/restore-$$
+			fi
+		    fi
+		else
 		    if ${arptables}-save > ${VARDIR}/restore-$$; then
 			if grep -q '^-A' ${VARDIR}/restore-$$; then
 			    mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
@@ -416,6 +442,7 @@ do_save() {
 			    rm -f ${VARDIR}/restore-$$
 			fi
 		    fi
+		fi
 	    else
 		case "$ARPTABLES" in
 		    */*)
@@ -454,13 +481,29 @@ do_save() {
 		esac
 
 		if [ -n "$IPSET" ]; then
-		    if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
+		    if [ -n "$WORKAROUNDS" ]; then
+			if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
+			    #
+			    # The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
+			    #
+			    hack='| grep -v /31'
+			else
+			    hack=
+			fi
+
+			if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
 			    #
 			    # Don't save an 'empty' file
 			    #
 			    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
 			fi
 		    fi
+		elif eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
+		    #
+		    # Don't save an 'empty' file
+		    #
+		    grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
+		fi
 		;;
 	    [Nn]o|ipv4|ipv6)
 		;;
@@ -3590,13 +3633,7 @@ get_config() {
 	VERBOSITY=2
     fi
 
-    if qt mywhich hostname; then
     g_hostname=$(hostname 2> /dev/null)
-    elif qt mywhich uname; then
-	g_hostname=$(uname -n 2> /dev/null)
-    else
-	g_hostname=localhost
-    fi
 
     if [ -n "$IPSET" ]; then
 	case "$IPSET" in
@@ -3750,7 +3787,7 @@ start_command() {
 }
 
 #
-# Reload/Restart Command Executor
+# Restart Command Executor
 #
 restart_command() {
     local finished
@@ -3809,11 +3846,11 @@ restart_command() {
     [ -n "$g_nolock" ] || mutex_on
 
     if [ -x ${VARDIR}/firewall ]; then
-	run_it ${VARDIR}/firewall $g_debugging $COMMAND
+	run_it ${VARDIR}/firewall $g_debugging restart
 	rc=$?
     else
 	error_message "${VARDIR}/firewall is missing or is not executable"
-	logger -p kern.err "ERROR:$g_product $COMMAND failed"
+	logger -p kern.err "ERROR:$g_product restart failed"
 	rc=6
     fi
 
@@ -3975,6 +4012,7 @@ shorewall_cli() {
     g_refreshchains=:none:
     g_confess=
     g_update=
+    g_convert=
     g_annotate=
     g_recovering=
     g_timestamp=
@@ -3983,10 +4021,14 @@ shorewall_cli() {
     g_conditional=
     g_file=
     g_doing="Compiling"
+    g_directives=
     g_inline=
+    g_tcrules=
     g_counters=
     g_loopback=
     g_compiled=
+    g_routestopped=
+    g_notrack=
 
     VERBOSE=
     VERBOSITY=1
@@ -4165,7 +4207,7 @@ shorewall_cli() {
 	    run_it $g_firewall $g_debugging reset $@
 	    [ -n "$g_nolock" ] || mutex_off
 	    ;;
-	reload|restart)
+	restart)
 	    get_config Yes Yes
 	    shift
 	    restart_command $@

Shorewall-core/lib.common

@@ -1,7 +1,7 @@
 #
-# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
+# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
 #
-#     (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
 #
 #	Complete documentation is available at http://shorewall.net
 #
@@ -71,18 +71,90 @@ startup_error() # $* = Error Message
 }
 
 #
-# Create the required option string and run the passed script using
+# Get the Shorewall version of the passed script
+#
+get_script_version() { # $1 = script
+    local temp
+    local version
+    local ifs
+    local digits
+    local verbosity
+
+    if [ -z "$WORKAROUNDS" -o "$g_compiled" = "$g_file" ]; then
+	#
+	# Unless WORKAROUNDS=No, either this script was just compiled or AUTOMAKE
+	# determined that re-compilation wasn't needed
+	#
+	temp="$SHOREWALL_VERSION"
+    else
+	verbosity="$VERBOSITY"
+	VERBOSITY=0
+
+	temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 )
+    fi
+
+    if [ -z "$temp" ]; then
+	version=0
+    else
+	temp=${temp%-*}
+	ifs=$IFS
+	IFS=.
+	temp=$(echo $temp)
+	IFS=$ifs
+	digits=0
+
+	for temp in $temp; do
+	    version=${version}$(printf '%02d' $temp)
+	    digits=$(($digits + 1))
+	    [ $digits -eq 3 ] && break
+	done
+    fi
+
+    echo $version
+
+    VERBOSITY="$verbosity"
+}
+
+#
+# Do required exports or create the required option string and run the passed script using
 # $SHOREWALL_SHELL
 #
 run_it() {
     local script
     local options
+    local version
 
     export VARDIR
 
     script=$1
     shift
 
+    version=$(get_script_version $script)
+
+    if [ $version -lt 040408 ]; then
+	#
+	# Old script that doesn't understand 4.4.8 script options
+	#
+	export RESTOREFILE
+	export VERBOSITY
+	export NOROUTES=$g_noroutes
+	export PURGE=$g_purge
+	export TIMESTAMP=$g_timestamp
+	export RECOVERING=$g_recovering
+
+	case "$g_program" in
+	    *-lite)
+		#
+		# Shorewall Lite
+		#
+		export LOGFORMAT
+		export IPTABLES
+		;;
+	esac
+    else
+	#
+	# 4.4.8 or later -- no additional exports required
+	#
 	if [ x$1 = xtrace -o x$1 = xdebug ]; then
 	    options="$1 -"
 	    shift;
@@ -99,6 +171,7 @@ run_it() {
 	options="${options}V $VERBOSITY"
 
 	[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
+    fi
 
     $SHOREWALL_SHELL $script $options $@
 }
@@ -499,9 +572,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name, $2 = table name (optional)
+chain_exists() # $1 = chain name
 {
-    qt1 $g_tool -t ${2:-filter} -L $1 -n
+    qt1 $g_tool -L $1 -n
 }
 
 #

Shorewall-core/shorewallrc.apple

@@ -1,5 +1,5 @@
 #
-# Apple OS X Shorewall 5.0 rc file
+# Apple OS X Shorewall 4.5 rc file
 #
 BUILD=apple
 HOST=apple

Shorewall-core/shorewallrc.archlinux

@@ -1,5 +1,5 @@
 #
-# Arch Linux Shorewall 5.0 rc file
+# Arch Linux Shorewall 4.5 rc file
 #
 BUILD=                                 #Default is to detect the build system
 HOST=archlinux

Shorewall-core/shorewallrc.cygwin

@@ -1,5 +1,5 @@
 #
-# Cygwin Shorewall 5.0 rc file
+# Cygwin Shorewall 4.5 rc file
 #
 BUILD=cygwin
 HOST=cygwin

Shorewall-core/shorewallrc.default

@@ -1,5 +1,5 @@
 #
-# Default Shorewall 5.0 rc file
+# Default Shorewall 4.5 rc file
 #
 HOST=linux                              #Generic Linux
 BUILD=                                  #Default is to detect the build system

Shorewall-core/shorewallrc.redhat

@@ -1,5 +1,5 @@
 #
-# RedHat/FedoraShorewall 5.0 rc file
+# RedHat/FedoraShorewall 4.5 rc file
 #
 BUILD=                                  #Default is to detect the build system
 HOST=redhat

Shorewall-core/shorewallrc.slackware

@@ -1,5 +1,5 @@
 #
-# Slackware Shorewall 5.0 rc file
+# Slackware Shorewall 4.5 rc file
 #
 BUILD=slackware
 HOST=slackware

Shorewall-core/shorewallrc.suse

@@ -1,5 +1,5 @@
 #
-# SuSE Shorewall 5.0 rc file
+# SuSE Shorewall 4.5 rc file
 #
 BUILD=                                                #Default is to detect the build system
 HOST=suse

Shorewall-init/init.debian.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #

Shorewall-init/init.sh

@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
 #

Shorewall-init/init.suse.sh

@@ -1,5 +1,5 @@
 #! /bin/bash
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
 #
 #     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -38,7 +38,7 @@
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
-# 3 - unimplemented feature
+# 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured

Shorewall-init/shorewall-init

@@ -1,5 +1,5 @@
 #!/bin/bash
-#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
 #
 #	(c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
 #

Shorewall-init/shorewall-init.service.debian

@@ -6,6 +6,7 @@
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
+Wants=network.target
 Before=network.target
 
 [Service]

Shorewall-lite/configpath

@@ -1,5 +1,5 @@
 #
-# Shorewall Lite version 5 - Default Config Path
+# Shorewall Lite version 4.1 - Default Config Path
 #
 # /usr/share/shorewall-lite/configpath
 #

Shorewall-lite/manpages/shorewall-lite.xml

@@ -329,21 +329,6 @@
       <arg choice="plain"><replaceable>address</replaceable></arg>
     </cmdsynopsis>
 
-    <cmdsynopsis>
-      <command>shorewall-lite</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>reload</option></arg>
-
-      <arg><option>-n</option></arg>
-
-      <arg><option>-p</option><arg><option>-C</option></arg></arg>
-    </cmdsynopsis>
-
     <cmdsynopsis>
       <command>shorewall-lite</command>
 
@@ -723,7 +708,6 @@
           <para>If <option>-f</option> is given, the command will be processed
           by the compiled script that executed the last successful <emphasis
           role="bold">start</emphasis>, <emphasis
-          role="bold">reload</emphasis>, <emphasis
           role="bold">restart</emphasis> or <emphasis
           role="bold">refresh</emphasis> command if that script exists.</para>
         </listitem>
@@ -1042,32 +1026,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">reload </emphasis>[-n] [-p]
-        [-<option>C</option>]</term>
-
-        <listitem>
-          <para>Added in Shorewall 5.0.0, <emphasis
-          role="bold">reload</emphasis> is similar to <emphasis
-          role="bold">shorewall-lite start</emphasis> except that it assumes
-          that the firewall is already started. Existing connections are
-          maintained.</para>
-
-          <para>The <option>-n</option> option causes Shorewall-lite to avoid
-          updating the routing table(s).</para>
-
-          <para>The <option>-p</option> option causes the connection tracking
-          table to be flushed; the <command>conntrack</command> utility must
-          be installed to use this option.</para>
-
-          <para>The <option>-C</option> option was added in Shorewall 4.6.5.
-          If the specified (or implicit) firewall script is the one that
-          generated the current running configuration, then the running
-          netfilter configuration will be reloaded as is so as to preserve the
-          iptables packet and byte counters.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
         ...]</emphasis><acronym/></term>
@@ -1085,10 +1043,9 @@
         [-<option>C</option>]</term>
 
         <listitem>
-          <para>Beginning with Shorewall 5.0.0, this command performs a true
-          restart. The firewall is completely stopped as if a
-          <command>stop</command> command had been issued then it is started
-          again.</para>
+          <para>Restart is similar to <emphasis role="bold">shorewall-lite
+          start</emphasis> except that it assumes that the firewall is already
+          started. Existing connections are maintained.</para>
 
           <para>The <option>-n</option> option causes Shorewall-lite to avoid
           updating the routing table(s).</para>

Shorewall-lite/shorewall-lite.conf

@@ -1,5 +1,5 @@
 ###############################################################################
-#  /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
+#  /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
 #  variables to override the values in the shorewall.conf file used to
 #  compile /var/lib/shorewall-lite/firewall. Those values may be found in
 #  /var/lib/shorewall-lite/firewall.conf.

Shorewall-lite/shorewall-lite.service.debian

@@ -17,7 +17,6 @@ EnvironmentFile=-/etc/default/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
-ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
 
 [Install]
 WantedBy=basic.target

Shorewall/INSTALL

@@ -1,4 +1,4 @@
-Shoreline Firewall (Shorewall) Version 5
+Shoreline Firewall (Shorewall) Version 4
 -----         ----
 
 -----------------------------------------------------------------------------

Shorewall/Macros/macro.AMQP

@@ -1,11 +1,13 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall version 4 - AMQP Macro
 #
 # /usr/share/shorewall/macro.AMQP
 #
 #	This macro handles AMQP traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5672

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,11 +1,13 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall version 4 - Audited AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.A_AllowICMPs
 #
 #	This macro A_ACCEPTs needed ICMP types
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,11 +1,13 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall version 4 - Audited DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.A_DropDNSrep
 #
 #	This macro silently audites and drops DNS UDP replies
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.A_DropUPnP

@@ -1,11 +1,13 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall version 4 - ADropUPnP Macro
 #
 # /usr/share/shorewall/macro.A_DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.ActiveDir

@@ -1,5 +1,5 @@
 #
-# Shorewall - Samba 4 Macro
+# Shorewall version 4 - Samba 4 Macro
 #
 # /usr/share/shorewall/macro.ActiveDir
 #
@@ -9,6 +9,8 @@
 #
 #
 ###############################################################################
+?FORMAT 2 
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM   -       -       tcp     389 	#LDAP services

Shorewall/Macros/macro.AllowICMPs

@@ -1,11 +1,13 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall version 4 - AllowICMPs Macro
 #
 # /usr/share/shorewall/macro.AllowICMPs
 #
 #	This macro ACCEPTs needed ICMP types
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.Amanda

@@ -1,5 +1,5 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall version 4 - Amanda Macro
 #
 # /usr/share/shorewall/macro.Amanda
 #
@@ -8,6 +8,8 @@
 #	files from those nodes.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.Auth

@@ -1,11 +1,13 @@
 #
-# Shorewall - Auth Macro
+# Shorewall version 4 - Auth Macro
 #
 # /usr/share/shorewall/macro.Auth
 #
 #	This macro handles Auth (identd) traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	113

Shorewall/Macros/macro.BGP

@@ -1,11 +1,13 @@
 #
-# Shorewall - BGP Macro
+# Shorewall version 4 - BGP Macro
 #
 # /usr/share/shorewall/macro.BGP
 #
 #	This macro handles BGP4 traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	179	# BGP4

Shorewall/Macros/macro.BLACKLIST

@@ -1,11 +1,13 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall version 4 - blacklist Macro
 #
 # /usr/share/shorewall/macro.blacklist
 #
 #	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if $BLACKLIST_LOGLEVEL

Shorewall/Macros/macro.BitTorrent

@@ -1,5 +1,5 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall version 4 - BitTorrent Macro
 #
 # /usr/share/shorewall/macro.BitTorrent
 #
@@ -9,6 +9,8 @@
 #	BitTorrent32 macro.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6889

Shorewall/Macros/macro.BitTorrent32

@@ -1,11 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall version 4 - BitTorrent 3.2 Macro
 #
 # /usr/share/shorewall/macro.BitTorrent32
 #
 #	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6881:6999

Shorewall/Macros/macro.CVS

@@ -1,11 +1,13 @@
 #
-# Shorewall - CVS Macro
+# Shorewall version 4 - CVS Macro
 #
 # /usr/share/shorewall/macro.CVS
 #
 #	This macro handles connections to the CVS pserver.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2401

Shorewall/Macros/macro.Citrix

@@ -1,5 +1,5 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall version 4 - Citrix/ICA Macro
 #
 # /usr/share/shorewall/macro.Citrix
 #
@@ -7,6 +7,8 @@
 #	ICA Session Reliability)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1494	# ICA

Shorewall/Macros/macro.DAAP

@@ -1,5 +1,5 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall version 4 - DAAP Macro
 #
 # /usr/share/shorewall/macro.DAAP
 #
@@ -7,6 +7,8 @@
 #	The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3689

Shorewall/Macros/macro.DCC

@@ -1,5 +1,5 @@
 #
-# Shorewall - DCC Macro
+# Shorewall version 4 - DCC Macro
 #
 # /usr/share/shorewall/macro.DCC
 #
@@ -7,6 +7,8 @@
 #	DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	6277

Shorewall/Macros/macro.DHCPfwd

@@ -1,11 +1,13 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall version 4 - DHCPfwd Macro
 #
 # /usr/share/shorewall/macro.DHCPfwd
 #
 #	This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	67:68	67:68	# DHCP

Shorewall/Macros/macro.DNS

@@ -1,11 +1,13 @@
 #
-# Shorewall - DNS Macro
+# Shorewall version 4 - DNS Macro
 #
 # /usr/share/shorewall/macro.DNS
 #
 #	This macro handles DNS traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	53

Shorewall/Macros/macro.Distcc

@@ -1,11 +1,13 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall version 4 - Distcc Macro
 #
 # /usr/share/shorewall/macro.Distcc
 #
 #	This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3632

Shorewall/Macros/macro.Drop

@@ -1,5 +1,5 @@
 #
-# Shorewall - Drop Macro
+# Shorewall version 4 - Drop Macro
 #
 # /usr/share/shorewall/macro.Drop
 #
@@ -11,6 +11,8 @@
 #		Drop	net	all
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 #

Shorewall/Macros/macro.DropDNSrep

@@ -1,11 +1,13 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall version 4 - DropDNSrep Macro
 #
 # /usr/share/shorewall/macro.DropDNSrep
 #
 #	This macro silently drops DNS UDP replies
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.DropUPnP

@@ -1,11 +1,13 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall version 4 - DropUPnP Macro
 #
 # /usr/share/shorewall/macro.DropUPnP
 #
 #	This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.Edonkey

@@ -1,5 +1,5 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall version 4 - Edonkey Macro
 #
 # /usr/share/shorewall/macro.Edonkey
 #
@@ -28,6 +28,8 @@
 #	applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4662

Shorewall/Macros/macro.FTP

@@ -1,11 +1,13 @@
 #
-# Shorewall - FTP Macro
+# Shorewall version 4 - FTP Macro
 #
 # /usr/share/shorewall/macro.FTP
 #
 #	This macro handles FTP traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )

Shorewall/Macros/macro.Finger

@@ -1,5 +1,5 @@
 #
-# Shorewall - Finger Macro
+# Shorewall version 4 - Finger Macro
 #
 # /usr/share/shorewall/macro.Finger
 #
@@ -7,6 +7,8 @@
 #	your finger information to internet.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	79

Shorewall/Macros/macro.GNUnet

@@ -1,11 +1,13 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall version 4 - GNUnet Macro
 #
 # /usr/share/shorewall/macro.GNUnet
 #
 #	This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	2086

Shorewall/Macros/macro.GRE

@@ -1,5 +1,5 @@
 #
-# Shorewall - GRE Macro
+# Shorewall version 4 - GRE Macro
 #
 # /usr/share/shorewall/macro.GRE
 #
@@ -7,6 +7,8 @@
 #	traffic (RFC 1701)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47	# GRE

Shorewall/Macros/macro.Git

@@ -1,11 +1,13 @@
 #
-# Shorewall - Git Macro
+# Shorewall version 4 - Git Macro
 #
 # /usr/share/shorewall/macro.Git
 #
 #	This macro handles Git traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9418

Shorewall/Macros/macro.Gnutella

@@ -1,11 +1,13 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall version 4 - Gnutella Macro
 #
 # /usr/share/shorewall/macro.Gnutella
 #
 #	This macro handles Gnutella traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	6346

Shorewall/Macros/macro.Goto-Meeting

@@ -1,5 +1,5 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall version 4 - Citrix/Goto Meeting macro
 #
 # /usr/share/shorewall/macro.Goto-Meeting
 #          by Eric Teeter
@@ -7,6 +7,8 @@
 #       Assumes that ports 80 and 443 are already open
 #       If needed, use the macros that open Http and Https to reduce redundancy
 ####################################################################################
+?FORMAT 2
+####################################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)

Shorewall/Macros/macro.HKP

@@ -1,11 +1,13 @@
 #
-# Shorewall - HKP Macro
+# Shorewall version 4 - HKP Macro
 #
 # /usr/share/shorewall/macro.HKP
 #
 #	This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	11371

Shorewall/Macros/macro.HTTP

@@ -1,11 +1,13 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall version 4 - HTTP Macro
 #
 # /usr/share/shorewall/macro.HTTP
 #
 #	This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	80

Shorewall/Macros/macro.HTTPS

@@ -1,11 +1,13 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall version 4 - HTTPS Macro
 #
 # /usr/share/shorewall/macro.HTTPS
 #
 #	This macro handles HTTPS (WWW over SSL) traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	443

Shorewall/Macros/macro.ICPV2

@@ -1,11 +1,13 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall version 4 - ICPV2 Macro
 #
 # /usr/share/shorewall/macro.ICPV2
 #
 #	This macro handles Internet Cache Protocol V2 (Squid) traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	3130

Shorewall/Macros/macro.ICQ

@@ -1,11 +1,13 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall version 4 - ICQ Macro
 #
 # /usr/share/shorewall/macro.ICQ
 #
 #	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5190

Shorewall/Macros/macro.ILO

@@ -1,5 +1,5 @@
 #
-# Shorewall - ILO Macro
+# Shorewall version 4 - ILO Macro
 #
 # /usr/share/shorewall/macro.ILO
 #
@@ -8,6 +8,8 @@
 #	workstations.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3002		# Raw serial data

Shorewall/Macros/macro.IMAP

@@ -1,5 +1,5 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall version 4 - IMAP Macro
 #
 # /usr/share/shorewall/macro.IMAP
 #
@@ -7,6 +7,8 @@
 #	see macro.IMAPS.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	143

Shorewall/Macros/macro.IMAPS

@@ -1,5 +1,5 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall version 4 - IMAPS Macro
 #
 # /usr/share/shorewall/macro.IMAPS
 #
@@ -7,6 +7,8 @@
 #	(not recommended), see macro.IMAP.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	993

Shorewall/Macros/macro.IPIP

@@ -1,11 +1,13 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall version 4 - IPIP Macro
 #
 # /usr/share/shorewall/macro.IPIP
 #
 #	This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	94	# IPIP

Shorewall/Macros/macro.IPMI

@@ -1,5 +1,5 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall version 4 - IPMI Macro
 #
 # /usr/share/shorewall/macro.IPMI
 #
@@ -9,6 +9,8 @@
 #	workstations.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	623		# RMCP

Shorewall/Macros/macro.IPP

@@ -1,11 +1,13 @@
 #
-# Shorewall - IPP Macro
+# Shorewall version 3.2 - IPP Macro
 #
 # /usr/share/shorewall/macro.IPP
 #
 #	This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	631

Shorewall/Macros/macro.IPPbrd

@@ -1,5 +1,5 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall version 4 - IPP Broadcast Macro
 #
 # /usr/share/shorewall/macro.IPPbrd
 #
@@ -8,6 +8,8 @@
 #       direction, use the IPPserver Macro
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	631

Shorewall/Macros/macro.IPPserver

@@ -1,5 +1,5 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall version 4 - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #
@@ -23,6 +23,8 @@
 #		IPPserver/ACCEPT $FW loc
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631

Shorewall/Macros/macro.IPsec

@@ -1,11 +1,13 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall version 4 - IPsec Macro
 #
 # /usr/share/shorewall/macro.IPsec
 #
 #	This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecah

@@ -1,5 +1,5 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall version 4 - IPsecah Macro
 #
 # /usr/share/shorewall/macro.IPsecah
 #
@@ -7,6 +7,8 @@
 #       This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecnat

@@ -1,11 +1,13 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall version 4 - IPsecnat Macro
 #
 # /usr/share/shorewall/macro.IPsecnat
 #
 #	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	500	# IKE

Shorewall/Macros/macro.IRC

@@ -1,11 +1,13 @@
 #
-# Shorewall IRC Macro
+# Shorewall version 4 IRC Macro
 #
 # /usr/share/shorewall/macro.IRC
 #
 #	This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 

Shorewall/Macros/macro.JAP

@@ -1,5 +1,5 @@
 #
-# Shorewall - JAP Macro
+# Shorewall version 4 - JAP Macro
 #
 # /usr/share/shorewall/macro.JAP
 #
@@ -8,6 +8,8 @@
 #	to browse anonymously!
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	8080 # HTTP port

Shorewall/Macros/macro.Jabber

@@ -1,11 +1,13 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall version 4 - Jabber Macro
 #
 # /usr/share/shorewall/macro.Jabber
 #
 #	This macro accepts Jabber traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5222

Shorewall/Macros/macro.JabberPlain

@@ -1,5 +1,5 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall version 4 - JabberPlain Macro
 #
 # /usr/share/shorewall/macro.JabberPlain
 #
@@ -7,6 +7,8 @@
 #	deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 Jabber

Shorewall/Macros/macro.JabberSecure

@@ -1,5 +1,5 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall version 4 - JabberSecure (SSL) Macro
 #
 # /usr/share/shorewall/macro.JabberSecure
 #
@@ -8,6 +8,8 @@
 #	Jabber macro instead.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5223

Shorewall/Macros/macro.Jabberd

@@ -1,11 +1,13 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall version 3.4 - Jabberd (server intercommunication)
 #
 # /usr/share/shorewall/macro.Jabberd
 #
 #	This macro accepts Jabberd intercommunication traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5269

Shorewall/Macros/macro.Jetdirect

@@ -1,11 +1,13 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall version 3.2 - Jetdirect Macro
 #
 # /usr/share/shorewall/macro.Jetdirect
 #
 #	This macro handles HP Jetdirect printing.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	9100

Shorewall/Macros/macro.Kerberos

@@ -1,11 +1,13 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall version 4 - Kerberos Macro
 #
 # /usr/share/shorewall/macro.Kerberos
 #
 #	This macro handles Kerberos traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	88

Shorewall/Macros/macro.L2TP

@@ -1,5 +1,5 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall version 4 - L2TP Macro
 #
 # /usr/share/shorewall/macro.L2TP
 #
@@ -7,6 +7,8 @@
 #	(RFC 2661)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP

Shorewall/Macros/macro.LDAP

@@ -1,5 +1,5 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall version 4 - LDAP Macro
 #
 # /usr/share/shorewall/macro.LDAP
 #
@@ -11,6 +11,8 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	389

Shorewall/Macros/macro.LDAPS

@@ -1,5 +1,5 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall version 4 - LDAPS Macro
 #
 # /usr/share/shorewall/macro.LDAPS
 #
@@ -11,6 +11,8 @@
 #	Consult your LDAP server documentation for details.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	636

Shorewall/Macros/macro.MSNP

@@ -1,11 +1,13 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall version 4 - MSNP Macro
 #
 # /usr/share/shorewall/macro.MSNP
 #
 #	This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1863

Shorewall/Macros/macro.MSSQL

@@ -1,12 +1,13 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall version 4 - MSSQL Macro
 #
 # /usr/share/shorewall/macro.MSSQL
 #
 #	This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	1433
-PARAM	-	-	udp	1434

Shorewall/Macros/macro.Mail

@@ -1,5 +1,5 @@
 #
-# Shorewall - Mail Macro
+# Shorewall version 4 - Mail Macro
 #
 # /usr/share/shorewall/macro.Mail
 #
@@ -12,6 +12,8 @@
 #	the POP3 or IMAP macros.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	25

Shorewall/Macros/macro.MongoDB

@@ -1,11 +1,13 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall version 4 - MongoDB Macro
 #
 # /usr/share/shorewall/macro.MongoDB
 #
 #	This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	27017

Shorewall/Macros/macro.Munin

@@ -1,11 +1,13 @@
 #
-# Shorewall - Munin Macro
+# Shorewall version 4 - Munin Macro
 #
 # /usr/share/shorewall/macro.Munin
 #
 #	This macro handles Munin networked resource monitoring traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	4949

Shorewall/Macros/macro.MySQL

@@ -1,11 +1,13 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall version 4 - MySQL Macro
 #
 # /usr/share/shorewall/macro.MySQL
 #
 #	This macro handles connections to the MySQL server.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	3306

Shorewall/Macros/macro.NNTP

@@ -1,5 +1,5 @@
 #
-# Shorewall NNTP Macro
+# Shorewall version 4 NNTP Macro
 #
 # /usr/share/shorewall/macro.NNTP
 #
@@ -7,6 +7,8 @@
 #	encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	119

Shorewall/Macros/macro.NNTPS

@@ -1,5 +1,5 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall version 4 NNTPS Macro
 #
 # /usr/share/shorewall/macro.NNTPS
 #
@@ -7,6 +7,8 @@
 #	plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	563

Shorewall/Macros/macro.NTP

@@ -1,5 +1,5 @@
 #
-# Shorewall - NTP Macro
+# Shorewall version 4 - NTP Macro
 #
 # /usr/share/shorewall/macro.NTP
 #
@@ -7,6 +7,8 @@
 #	For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123

Shorewall/Macros/macro.NTPbi

@@ -1,11 +1,13 @@
 #
-# Shorewall - NTPbi Macro
+# Shorewall version 4 - NTPbi Macro
 #
 # /usr/share/shorewall/macro.NTPbi
 #
 #        This macro handles  bi-directional NTP (for NTP peers)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	123

Shorewall/Macros/macro.NTPbrd

@@ -1,5 +1,5 @@
 #
-# Shorewall - NTPbrd Macro
+# Shorewall version 4 - NTPbrd Macro
 #
 # /usr/share/shorewall/macro.NTPbrd
 #
@@ -11,6 +11,8 @@
 #	Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-		-		udp	123

Shorewall/Macros/macro.OSPF

@@ -1,11 +1,13 @@
 #
-# Shorewall - OSPF Macro
+# Shorewall version 4 - OSPF Macro
 #
 # /usr/share/shorewall/macro.OSPF
 #
 #	This macro handles OSPF multicast traffic
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	89	# OSPF

Shorewall/Macros/macro.OpenVPN

@@ -1,11 +1,13 @@
 #
-# Shorewall - OpenVPN Macro
+# Shorewall version 4 - OpenVPN Macro
 #
 # /usr/share/shorewall/macro.OpenVPN Macro
 #
 #	This macro handles OpenVPN traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	1194

Shorewall/Macros/macro.PCA

@@ -1,11 +1,13 @@
 #
-# Shorewall - PCA Macro
+# Shorewall version 4 - PCA Macro
 #
 # /usr/share/shorewall/macro.PCA
 #
 #	This macro handles PCAnywere (tm)
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	udp	5632

Shorewall/Macros/macro.POP3

@@ -1,5 +1,5 @@
 #
-# Shorewall - POP3 Macro
+# Shorewall version 4 - POP3 Macro
 #
 # /usr/share/shorewall/macro.POP3
 #
@@ -7,6 +7,8 @@
 #	see macro.POP3S.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	110

Shorewall/Macros/macro.POP3S

@@ -1,5 +1,5 @@
 #
-# Shorewall - POP3S Macro
+# Shorewall version 4 - POP3S Macro
 #
 # /usr/share/shorewall/macro.POP3S
 #
@@ -7,6 +7,8 @@
 #	see macro.POP3.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	995	# Secure POP3

Shorewall/Macros/macro.PPtP

@@ -1,11 +1,13 @@
 #
-# Shorewall - PPTP Macro
+# Shorewall version 4 - PPTP Macro
 #
 # /usr/share/shorewall/macro.PPtP Macro
 #
 #	This macro handles PPTP traffic.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	47

Shorewall/Macros/macro.Ping

@@ -1,11 +1,13 @@
 #
-# Shorewall - Ping Macro
+# Shorewall version 4 - Ping Macro
 #
 # /usr/share/shorewall/macro.Ping
 #
 #	This macro handles 'ping' requests.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	icmp	8

Shorewall/Macros/macro.PostgreSQL

@@ -1,11 +1,13 @@
 #
-# Shorewall - PostgreSQL Macro
+# Shorewall version 4 - PostgreSQL Macro
 #
 # /usr/share/shorewall/macro.PostgreSQL
 #
 #	This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	5432

Shorewall/Macros/macro.Printer

@@ -1,11 +1,13 @@
 #
-# Shorewall - Printer Macro
+# Shorewall version 3.2 - Printer Macro
 #
 # /usr/share/shorewall/macro.Printer
 #
 #	This macro handles Line Printer protocol printing.
 #
 ###############################################################################
+?FORMAT 2
+###############################################################################
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
 #				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
 PARAM	-	-	tcp	515