Handle another issue with ADD_SNAT_ALIASES=Yes

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/configure

@@ -235,7 +235,8 @@ for on in \
     SPARSE \
     ANNOTATED \
     VARLIB \
-    VARDIR
+    VARDIR \
+    DEFAULT_PAGER
 do
     echo "$on=${options[${on}]}"
     echo "$on=${options[${on}]}" >> shorewallrc

Shorewall-core/configure.pl

@@ -209,7 +209,8 @@ for ( qw/ HOST
 	  SPARSE
 	  ANNOTATED
 	  VARLIB
-	  VARDIR / ) {
+	  VARDIR
+          DEFAULT_PAGER / ) {
 
     my $val = $options{$_} || '';
 

Shorewall-core/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -24,6 +24,9 @@
 
 VERSION=xxx #The Build script inserts the actual version
 
+PRODUCT=shorewall-core
+Product="Shorewall Core"
+ 
 usage() # $1 = exit status
 {
     ME=$(basename $0)
@@ -100,6 +103,9 @@ require()
     eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 
+#
+# Change to the directory containing this script
+#
 cd "$(dirname $0)"
 
 #
@@ -340,8 +346,10 @@ fi
 mkdir -p ${DESTDIR}${SBINDIR}
 chmod 755 ${DESTDIR}${SBINDIR}
 
-mkdir -p ${DESTDIR}${MANDIR}
-chmod 755 ${DESTDIR}${MANDIR}
+if [ -n "${MANDIR}" ]; then
+    mkdir -p ${DESTDIR}${MANDIR}
+    chmod 755 ${DESTDIR}${MANDIR}
+fi
 
 if [ -n "${INITFILE}" ]; then
     mkdir -p ${DESTDIR}${INITDIR}

Shorewall-core/lib.common

@@ -25,6 +25,22 @@
 # scripts rather than loaded at run-time.
 #
 #########################################################################################
+#
+# Wrapper around logger that sets the tag according to $SW_LOGGERTAG
+#
+mylogger() {
+    local level
+
+    level=$1
+    shift
+
+    if [ -n "$SW_LOGGERTAG" ]; then
+	logger -p $level -t "$SW_LOGGERTAG" $*
+    else
+	logger -p $level $*
+    fi
+}
+
 #
 # Issue a message and stop
 #
@@ -33,24 +49,24 @@ startup_error() # $* = Error Message
     echo "   ERROR: $@: Firewall state not changed" >&2
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%b %e %T') "
         echo "${timestamp}  ERROR: $@" >> $STARTUP_LOG
     fi
 
     case $COMMAND in
         start)
-	    logger -p kern.err "ERROR:$g_product start failed:Firewall state not changed"
+	    mylogger kern.err "ERROR:$g_product start failed:Firewall state not changed"
 	    ;;
 	restart)
-	    logger -p kern.err "ERROR:$g_product restart failed:Firewall state not changed"
+	    mylogger kern.err "ERROR:$g_product restart failed:Firewall state not changed"
 	    ;;
 	restore)
-	    logger -p kern.err "ERROR:$g_product restore failed:Firewall state not changed"
+	    mylogger kern.err "ERROR:$g_product restore failed:Firewall state not changed"
 	    ;;
     esac
 
     if [ $LOG_VERBOSITY -ge 0 ]; then
-        timestamp="$(date +'%b %d %T') "
+        timestamp="$(date +'%b %e %T') "
 
 	case $COMMAND in
 	    start)
@@ -696,9 +712,9 @@ find_file()
 set_state () # $1 = state
 {
     if [ $# -gt 1 ]; then
-	echo "$1 ($(date)) from $2" > ${VARDIR}/state
+	echo "$1 $(date) from $2" > ${VARDIR}/state
     else
-	echo "$1 ($(date))" > ${VARDIR}/state
+	echo "$1 $(date)" > ${VARDIR}/state
     fi
 }
 
@@ -760,7 +776,7 @@ mutex_on()
 		error_message "WARNING: Stale lockfile ${lockf} removed"
 	    elif [ $lockpid -eq $$ ]; then
                 return 0
-	    elif ! qt ps p ${lockpid}; then
+	    elif ! ps | grep -v grep | qt grep ${lockpid}; then
 		rm -f ${lockf}
 		error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
 	    fi
@@ -772,10 +788,8 @@ mutex_on()
 	    echo $$ > ${lockf}
 	    chmod u-w ${lockf}
 	elif qt mywhich lock; then
-            lock -${MUTEX_TIMEOUT} -r1 ${lockf}
-            chmod u+w ${lockf}
-            echo $$ > ${lockf}
-            chmod u-w ${lockf}
+            lock ${lockf}
+            chmod u=r ${lockf}
 	else
 	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
 		sleep 1
@@ -797,6 +811,7 @@ mutex_on()
 #
 mutex_off()
 {
+    [ -f ${CONFDIR}/rc.common ] && lock -u ${LOCKFILE:=${VARDIR}/lock}
     rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
 

Shorewall-core/shorewallrc.apple

@@ -19,3 +19,4 @@ SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                        #Unused on OS X
+DEFAULT_PAGER=			       #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.archlinux

@@ -20,3 +20,4 @@ SERVICEFILE=                           #Name of the file to install in $SYSTEMD.
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT              #Directory where product variable data is stored.
+DEFAULT_PAGER=			       #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.cygwin

@@ -19,3 +19,4 @@ SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
 VARLIB=/var/lib                       #Unused on Cygwin
+DEFAULT_PAGER=			      #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.debian.systemd

@@ -21,3 +21,4 @@ SERVICEDIR=/lib/systemd/system		#Directory where .service files are installed (s
 SPARSE=Yes				#If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib				#Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT		#Directory where product variable data is stored.
+DEFAULT_PAGER=/usr/bin/less		#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.debian.sysvinit

@@ -21,3 +21,4 @@ SERVICEDIR=				#Directory where .service files are installed (systems running sy
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+DEFAULT_PAGER=/usr/bin/less		#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.default

@@ -21,3 +21,4 @@ SYSCONFDIR=                             #Directory where SysV init parameter fil
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.openwrt

@@ -3,24 +3,22 @@
 #
 # Input: host=openwrt
 #
-HOST=openwrt
-PREFIX=/usr                             
-SHAREDIR=${PREFIX}/share                
-LIBEXECDIR=${PREFIX}/share              
-PERLLIBDIR=${PREFIX}/share/shorewall    
-CONFDIR=/etc                            
-SBINDIR=/sbin                           
-MANDIR=${PREFIX}/man                    
-INITDIR=/etc/init.d                     
-INITSOURCE=init.openwrt.sh
-INITFILE=$PRODUCT                       
-AUXINITSOURCE=
-AUXINITFILE=
-SERVICEDIR=                             
-SERVICEFILE=                            
-SYSCONFFILE=default.openwrt
-SYSCONFDIR=${CONFDIR}/sysconfig
-SPARSE=                                 
-ANNOTATED=                              
-VARLIB=/lib
-VARDIR=${VARLIB}/$PRODUCT               
+PREFIX=/usr                             #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
+CONFDIR=/etc                            #Directory where subsystem configurations are installed
+SBINDIR=/sbin                           #Directory where system administration programs are installed
+MANDIR=                                 #Directory where manpages are installed.
+INITDIR=/etc/init.d                     #Directory where SysV init scripts are installed.
+INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
+INITSOURCE=init.openwrt.sh              #Name of the distributed file to be installed as the SysV init script
+ANNOTATED=                              #If non-zero, annotated configuration files are installed
+SYSCONFDIR=${CONFDIR}/sysconfig         #Directory where SysV init parameter files are installed
+SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed in $SYSCONFDIR
+SERVICEDIR=				#Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=				#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/lib                             #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.redhat

@@ -21,3 +21,4 @@ SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter fil
 SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
+DEFAULT_PAGER=				#Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.slackware

@@ -22,3 +22,4 @@ SYSCONFDIR=                                #Name of the directory where SysV ini
 ANNOTATED=                                 #If non-empty, install annotated configuration files
 VARLIB=/var/lib                            #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT                  #Directory where product variable data is stored.
+DEFAULT_PAGER=				   #Pager to use if none specified in shorewall[6].conf

Shorewall-core/shorewallrc.suse

@@ -7,17 +7,18 @@ PREFIX=/usr                                           #Top-level directory for s
 CONFDIR=/etc                                          #Directory where subsystem configurations are installed
 SHAREDIR=${PREFIX}/share                              #Directory for arch-neutral files.
 LIBEXECDIR=${PREFIX}/lib                              #Directory for executable scripts.
-PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2     #Directory to install Shorewall Perl module directory
+PERLLIBDIR=${PREFIX}/lib/perl5/site-perl              #Directory to install Shorewall Perl module directory
 SBINDIR=/usr/sbin                                     #Directory where system administration programs are installed
 MANDIR=${SHAREDIR}/man/                               #Directory where manpages are installed.
 INITDIR=/etc/init.d                                   #Directory where SysV init scripts are installed.
-INITFILE=$PRODUCT                                     #Name of the product's SysV init script
+INITFILE=                                             #Name of the product's SysV init script
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SERVICEDIR=                                           #Directory where .service files are installed (systems running systemd only)
-SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEDIR=/usr/lib/systemd/system                    #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=$PRODUCT.service          		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
 SPARSE=                                               #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                                       #Directory where persistent product data is stored.
 VARDIR=${VARLIB}/$PRODUCT                             #Directory where product variable data is stored.
+DEFAULT_PAGER=				   	      #Pager to use if none specified in shorewall[6].conf

Shorewall-core/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #
@@ -27,7 +27,9 @@
 #       shown below. Simply run this script to remove Shorewall Firewall
 
 VERSION=xxx #The Build script inserts the actual version
-
+PRODUCT="shorewall-core"
+Product="Shorewall Core"
+ 
 usage() # $1 = exit status
 {
     ME=$(basename $0)
@@ -66,6 +68,11 @@ remove_file() # $1 = file to restore
     fi
 }
 
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
 #
 # Read the RC file
 #
@@ -110,6 +117,7 @@ fi
 echo "Uninstalling Shorewall Core $VERSION"
 
 rm -rf ${SHAREDIR}/shorewall
+rm -f ~/.shorewallrc
 
 echo "Shorewall Core Uninstalled"
 

Shorewall-init/README.txt

@@ -1 +0,0 @@
-This is the Shorewall-init stable 4.4 branch of Git.

Shorewall-init/init.debian.sh

@@ -30,7 +30,7 @@
 # Required-Stop:     $local_fs
 # X-Stop-After:      $network
 # Default-Start:     S
-# Default-Stop:      0 6
+# Default-Stop:      0 1 6
 # Short-Description: Initialize the firewall at boot time
 # Description:       Place the firewall in a safe state at boot time prior to
 #                    bringing up the network

Shorewall-init/init.openwrt.sh

@@ -0,0 +1,131 @@
+#!/bin/sh /etc/rc.common
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+#     (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2016           - Matt Darfeuille (matdarf@gmail.com)
+#
+#       On most distributions, this file should be called /etc/init.d/shorewall-init.
+#
+#       This program is part of Shorewall.
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by the
+#       Free Software Foundation, either version 2 of the license or, at your
+#       option, any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+#       You should have received a copy of the GNU General Public License
+#       along with this program; if not, write to the Free Software
+#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+
+# arg1 of init script is arg2 when rc.common is sourced
+
+case "$action" in
+  start|stop|boot)
+      if [ "$(id -u)" != "0" ]
+      then
+	  echo "You must be root to start, stop or restart \"Shorewall \"."
+	  exit 1
+      fi
+
+      # check if shorewall-init is configured or not
+      if [ -f "/etc/sysconfig/shorewall-init" ]
+      then
+	  . /etc/sysconfig/shorewall-init
+	  if [ -z "$PRODUCTS" ]
+	  then
+	      exit 0
+	  fi
+      else
+	  exit 0
+      fi
+
+      ;;
+  enable|disable|enabled)
+      # Openwrt related
+      # start and stop runlevel variable
+      START=19
+      STOP=91
+      ;;
+  *)
+      echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+      exit 1
+esac
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# Locate the current PRODUCT's statedir
+setstatedir() {
+    local statedir
+    if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+	statedir=$( . ${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
+    fi
+
+    [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
+
+    if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
+	${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
+    else
+	return 0
+    fi
+}
+
+# Initialize the firewall
+start () {
+    local PRODUCT
+  local STATEDIR
+
+  echo -n "Initializing \"Shorewall-based firewalls\": "
+  for PRODUCT in $PRODUCTS; do
+      if setstatedir; then
+	  if [ -x ${STATEDIR}/firewall ]; then
+	      if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+		  ${STATEDIR}/firewall ${OPTIONS} stop
+	      fi
+	  fi
+      fi
+  done
+
+  if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+      ipset -R < "$SAVE_IPSETS"
+  fi
+}
+
+boot () {
+    start
+}
+
+# Clear the firewall
+stop () {
+    local PRODUCT
+    local STATEDIR
+
+    echo -n "Clearing \"Shorewall-based firewalls\": "
+    for PRODUCT in $PRODUCTS; do
+	if setstatedir; then
+	    if [ -x ${STATEDIR}/firewall ]; then
+		${STATEDIR}/firewall ${OPTIONS} clear
+	    fi
+	fi
+    done
+
+    if [ -n "$SAVE_IPSETS" ]; then
+	mkdir -p $(dirname "$SAVE_IPSETS")
+	if ipset -S > "${SAVE_IPSETS}.tmp"; then
+	    grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+	fi
+    fi
+}
+

Shorewall-init/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net
@@ -28,6 +28,8 @@
 #
 
 VERSION=xxx #The Build script inserts the actual version.
+PRODUCT=shorewall-init
+Product="Shorewall Init"
 
 usage() # $1 = exit status
 {
@@ -71,39 +73,50 @@ mywhich() {
     return 2
 }
 
-run_install()
-{
-    if ! install $*; then
-	echo
-	echo "ERROR: Failed to install $*" >&2
-	exit 1
-    fi
-}
-
 cant_autostart()
 {
     echo
     echo  "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
 }
 
+install_file() # $1 = source $2 = target $3 = mode
+{
+    if cp -f $1 $2; then
+	if chmod $3 $2; then
+	    if [ -n "$OWNER" ]; then
+		if chown $OWNER:$GROUP $2; then
+		    return
+		fi
+	    else
+		return 0
+	    fi
+	fi
+    fi
+
+    echo "ERROR: Failed to install $2" >&2
+    exit 1
+}
+
+make_directory() # $1 = directory , $2 = mode
+{
+    mkdir -p $1
+    chmod 0755 $1
+    [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
+}
+
 require() 
 {
     eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
 }
 
-install_file() # $1 = source $2 = target $3 = mode
-{
-    run_install $T $OWNERSHIP -m $3 $1 ${2}
-}
-
+#
+# Change to the directory containing this script
+#
 cd "$(dirname $0)"
 
-PRODUCT=shorewall-init
-
 #
 # Parse the run line
 #
-T='-T'
 
 finished=0
 configure=1
@@ -230,6 +243,8 @@ if [ -z "$BUILD" ]; then
 		BUILD=slackware
 	    elif [ -f /etc/arch-release ] ; then
 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ]; then
+		BUILD=openwrt
 	    else
 		BUILD=linux
 	    fi
@@ -237,22 +252,24 @@ if [ -z "$BUILD" ]; then
     esac
 fi
 
-[ -n "$OWNER" ] || OWNER=$(id -un)
-[ -n "$GROUP" ] || GROUP=$(id -gn)
-
 case $BUILD in
     apple)
-	T=
-	;;
-    debian|gentoo|redhat|suse|slackware|archlinux)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=wheel
 	;;
+    cygwin*|CYGWIN*)
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+ 	;;
     *)
-	[ -n "$BUILD" ] && echo "ERROR: Unknown BUILD environment ($BUILD)" >&2 || echo "ERROR: Unknown BUILD environment"
-	exit 1
+	if [ $(id -u) -eq 0 ]; then
+	    [ -z "$OWNER" ] && OWNER=root
+	    [ -z "$GROUP" ] && GROUP=root
+	fi
 	;;
 esac
 
-OWNERSHIP="-o $OWNER -g $GROUP"
+[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
 
 [ -n "$HOST" ] || HOST=$BUILD
 
@@ -277,6 +294,9 @@ case "$HOST" in
     suse)
 	echo "Installing SuSE-specific configuration..."
 	;;
+    openwrt)
+	echo "Installing Openwrt-specific configuration..."
+	;;
     linux)
 	echo "ERROR: Shorewall-init is not supported on this system" >&2
 	exit 1
@@ -290,12 +310,12 @@ esac
 [ -z "$TARGET" ] && TARGET=$HOST
 
 if [ -n "$DESTDIR" ]; then
-    if [ `id -u` != 0 ] ; then
+    if [ $(id -u) != 0 ] ; then
 	echo "Not setting file owner/group permissions, not running as root."
 	OWNERSHIP=""
     fi
     
-    install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
+    make_directory ${DESTDIR}${INITDIR} 0755
 fi
 
 echo "Installing Shorewall Init Version $VERSION"
@@ -311,7 +331,7 @@ fi
 
 if [ -n "$DESTDIR" ]; then
     mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
-    chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
+    chmod 0755 ${DESTDIR}${CONFDIR}/logrotate.d
 fi
 
 #
@@ -339,14 +359,14 @@ fi
 if [ -n "$SERVICEDIR" ]; then
     mkdir -p ${DESTDIR}${SERVICEDIR}
     [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
     [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
     echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
     if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
-        chmod 755 ${DESTDIR}${SBINDIR}
+        chmod 0755 ${DESTDIR}${SBINDIR}
     fi
-    run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
+    install_file shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init 0700
     [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall-init
     echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
 fi
@@ -355,13 +375,13 @@ fi
 # Create /usr/share/shorewall-init if needed
 #
 mkdir -p ${DESTDIR}${SHAREDIR}/shorewall-init
-chmod 755 ${DESTDIR}${SHAREDIR}/shorewall-init
+chmod 0755 ${DESTDIR}${SHAREDIR}/shorewall-init
 
 #
 # Install logrotate file
 #
 if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
-    run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
+    install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
     echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
 fi
 
@@ -369,7 +389,7 @@ fi
 # Create the version file
 #
 echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/shorewall-init/version
-chmod 644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
+chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
 
 #
 # Remove and create the symbolic link to the init script
@@ -392,7 +412,7 @@ if [ $HOST = debian ]; then
 
     if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then
 	if [ -n "${DESTDIR}" ]; then
-	    mkdir ${DESTDIR}${ETC}/default
+	    mkdir -p ${DESTDIR}${ETC}/default
 	fi
 
 	[ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default
@@ -412,6 +432,9 @@ else
 	    elif [ $HOST = gentoo ]; then
 		# Gentoo does not support if-{up,down}.d
 		/bin/true
+	    elif [ $HOST = openwrt ]; then
+		# Not implemented on openwrt
+		/bin/true
 	    else
 		mkdir -p ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d
 	    fi
@@ -419,8 +442,8 @@ else
     fi
 
     if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
-	run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT
-	echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+	install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT 0644
+	echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
     fi
 
     [ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
@@ -430,13 +453,15 @@ fi
 # Install the ifupdown script
 #
 
-cp $IFUPDOWN ifupdown
+if [ $HOST != openwrt ]; then
+    cp $IFUPDOWN ifupdown
 
-[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
+    [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown
 
-mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
+    mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
 
-install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
+    install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
+fi
 
 if [ -d ${DESTDIR}/etc/NetworkManager ]; then
     [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/
@@ -489,7 +514,7 @@ case $HOST in
 esac
 
 if [ -z "$DESTDIR" ]; then
-    if [ $configure -eq 1 -a -n "$first_install" ]; then
+    if [ $configure -eq 1 -a -n "first_install" ]; then
 	if [ $HOST = debian ]; then
 	    if [ -n "$SERVICEDIR" ]; then
 		if systemctl enable ${PRODUCT}.service; then
@@ -511,6 +536,13 @@ if [ -z "$DESTDIR" ]; then
 	    else
 		cant_autostart
 	    fi
+	elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+	    /etc/init.d/$PRODUCT enable
+	    if /etc/init.d/$PRODUCT enabled; then
+		echo "$Product will start automatically at boot"
+	    else
+		cant_autostart
+	    fi
 	elif [ $HOST = gentoo ]; then
 	    # On Gentoo, a service must be enabled manually by the user,
 	    # not by the installer
@@ -539,6 +571,13 @@ if [ -z "$DESTDIR" ]; then
 		else
 		    cant_autostart
 		fi
+	    elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
+		/etc/init.d/$PRODUCT enable
+		if /etc/init.d/shorewall-init enabled; then
+		    echo "$Product will start automatically at boot"
+		else
+		    cant_autostart
+		fi
 	    else
 		cant_autostart
 	    fi
@@ -546,7 +585,7 @@ if [ -z "$DESTDIR" ]; then
     fi
 else
     if [ $configure -eq 1 -a -n "$first_install" ]; then
-	if [ $HOST = debian ]; then
+	if [ $HOST = debian -a -z "$SERVICEDIR" ]; then
 	    if [ -n "${DESTDIR}" ]; then
 		mkdir -p ${DESTDIR}/etc/rcS.d
 	    fi

Shorewall-init/shorewall-init.service

@@ -5,7 +5,8 @@
 #
 [Unit]
 Description=Shorewall firewall (bootup security)
-Before=network.target
+Before=network-pre.target
+Wants=network-pre.target
 
 [Service]
 Type=oneshot

Shorewall-init/shorewall-init.service.214

@@ -1,20 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#
-[Unit]
-Description=Shorewall firewall (bootup security)
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/sysconfig/shorewall-init
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
-
-[Install]
-WantedBy=basic.target

Shorewall-init/shorewall-init.service.214.debian

@@ -1,21 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#     Copyright 2015 Tom Eastep <teastep@shorewall.net>
-#
-[Unit]
-Description=Shorewall firewall (bootup security)
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/default/shorewall-init
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-init start
-ExecStop=/sbin/shorewall-init stop
-
-[Install]
-WantedBy=basic.target

Shorewall-init/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
@@ -27,6 +27,8 @@
 #       shown below. Simply run this script to remove Shorewall Firewall
 
 VERSION=xxx  #The Build script inserts the actual version
+PRODUCT=shorewall-init
+Product="Shorewall Init"
 
 usage() # $1 = exit status
 {
@@ -75,6 +77,11 @@ remove_file() # $1 = file to restore
     fi
 }
 
+#
+# Change to the directory containing this script
+#
+cd "$(dirname $0)"
+
 finished=0
 configure=1
 
@@ -162,7 +169,11 @@ INITSCRIPT=${CONFDIR}/init.d/shorewall-init
 
 if [ -f "$INITSCRIPT" ]; then
     if [ $configure -eq 1 ]; then
-	if mywhich updaterc.d ; then
+	if [ $HOST = openwrt ]; then
+	    if /etc/init.d/shorewall-init enabled; then
+		/etc/init.d/shorewall-init disable
+	    fi
+	elif mywhich updaterc.d ; then
 	    updaterc.d shorewall-init remove
 	elif mywhich insserv ; then
             insserv -r $INITSCRIPT
@@ -183,8 +194,13 @@ if [ -n "$SERVICEDIR" ]; then
     rm -f $SERVICEDIR/shorewall-init.service
 fi
 
-[ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
-[ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
+if [ $HOST = openwrt ]; then
+    [ "$(readlink -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
+else
+    [ "$(readlink -m -q ${SBINDIR}/ifup-local)"   = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
+    [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
+fi
 
 remove_file ${CONFDIR}/default/shorewall-init
 remove_file ${CONFDIR}/sysconfig/shorewall-init
@@ -198,8 +214,6 @@ remove_file ${CONFDIR}/network/if-post-down.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
 remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
 
-[ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service
-
 if [ -d ${CONFDIR}/ppp ]; then
     for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
 	remove_file ${CONFDIR}/ppp/$directory/shorewall

Shorewall-lite/README.txt

@@ -1 +0,0 @@
-This is the Shorewall-lite stable 4.4 branch of Git.

Shorewall-lite/default.openwrt

@@ -1,25 +0,0 @@
-# sysV init file script configuration(/etc/sysconfdir/shorewall-lite)
-
-# startup option(default "-vvv")
-OPTIONS=
-
-# change default start run level(if none empty; /etc/init.d/shorewall-lite enable)
-START=50
-
-# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable)
-STOP=
-
-# option to pass when shorewall start is executed
-STARTOPTIONS=
-
-# option to pass when shorewall restart is executed
-RESTARTOPTIONS=
-
-# option to pass when shorewall reload is executed
-RELOADOPTIONS=
-
-# option to pass when shorewall stop is executed
-STOPOPTIONS=
-
-# option to pass when shorewall status is executed
-STATUSOPTIONS=

Shorewall-lite/init.debian.sh

@@ -5,7 +5,7 @@
 # Required-Start:    $network $remote_fs
 # Required-Stop:     $network $remote_fs
 # Default-Start:     S
-# Default-Stop:      0 6
+# Default-Stop:      0 1 6
 # Short-Description: Configure the firewall at boot time
 # Description:       Configure the firewall according to the rules specified in
 #                    /etc/shorewall-lite
@@ -92,10 +92,11 @@ shorewall_start () {
 
 # stop the firewall
 shorewall_stop () {
-  echo -n "Stopping \"Shorewall firewall\": "
   if [ "$SAFESTOP" = 1 ]; then
+      echo -n "Stopping \"Shorewall Lite firewall\": "
       $SRWL $SRWL_OPTS stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
   else
+      echo -n "Clearing all \"Shorewall Lite firewall\" rules: "
       $SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
   fi
   return 0

Shorewall-lite/init.openwrt.sh

@@ -32,25 +32,24 @@
 #	   shorewall-lite start			  Starts the firewall
 #	   shorewall-lite restart		  Restarts the firewall
 #	   shorewall-lite reload		  Reload the firewall
-#						  (same as restart)
 #	   shorewall-lite stop			  Stops the firewall
 #	   shorewall-lite status		  Displays firewall status
 #
 
 # description: Packet filtering firewall
 
-# openwrt stuph
-# start and stop runlevel variable
-#START=21
-#STOP=91
-# variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument
+# Openwrt related
+# Start and stop runlevel variable
+START=50
+STOP=89
+# Displays the status command
 EXTRA_COMMANDS="status"
-EXTRA_HELP="Displays shorewall status"
+EXTRA_HELP=" status Displays firewall status"
 
 ################################################################################
 # Get startup options (override default)
 ################################################################################
-OPTIONS="-vvv"
+OPTIONS=
 
 #
 # The installer may alter this
@@ -61,38 +60,35 @@ if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
     . ${SYSCONFDIR}/shorewall-lite
 fi
 
-START=${START:-21}
-STOP=${STOP:-91}
-
 SHOREWALL_INIT_SCRIPT=1
 
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
-# arg1 of init script is arg2 when rc.common is sourced; set to action variable
+# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
 command="$action"
 
 start() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STARTOPTIONS:-$@}
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STARTOPTIONS
 }
 
 boot() {
-local command="start"
-start
+	local command="start"
+	start
 }
 
 restart() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RESTARTOPTIONS:-$@}
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RESTARTOPTIONS
 }
 
 reload() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RELOADOPTION:-$@}
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $RELOADOPTION
 }
 
 stop() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STOPOPTIONS:-$@}
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $STOPOPTIONS
 }
 
 status() {
-	exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STATUSOPTIONS:-$@}
+	exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
 }

Shorewall-lite/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #
@@ -495,7 +495,7 @@ done
 # Install the Man Pages
 #
 
-if [ -d manpages ]; then
+if [ -d manpages -a -n "$MANDIR" ]; then
     cd manpages
 
     mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
@@ -550,7 +550,7 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
     fi
 
     install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640
-    echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
+    echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
 fi
 
 if [ ${SHAREDIR} != /usr/share ]; then

Shorewall-lite/manpages/shorewall-lite.xml

@@ -47,6 +47,19 @@
       <arg choice="plain"><replaceable>address</replaceable></arg>
     </cmdsynopsis>
 
+    <cmdsynopsis>
+      <command>shorewall-lite</command>
+
+      <arg
+      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
+
+      <arg>-<replaceable>options</replaceable></arg>
+
+      <arg choice="plain"><option>blacklist</option></arg>
+
+      <arg choice="plain"><replaceable>address</replaceable></arg>
+    </cmdsynopsis>
+
     <cmdsynopsis>
       <command>shorewall-lite</command>
 
@@ -689,7 +702,45 @@
           blacklisted by a <emphasis role="bold">drop</emphasis>, <emphasis
           role="bold">logdrop</emphasis>, <emphasis
           role="bold">reject</emphasis>, or <emphasis
-          role="bold">logreject</emphasis> command.</para>
+          role="bold">logreject</emphasis> command. Beginning with Shorewall
+          5.0.10, this command can also re-enable addresses blacklisted using
+          the <command>blacklist</command> command.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">blacklist</emphasis>
+        <replaceable>address</replaceable> [ <replaceable>option</replaceable>
+        ... ]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.8 and requires
+          DYNAMIC_BLACKLIST=ipset.. in <ulink
+          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).
+          Causes packets from the given host or network
+          <replaceable>address</replaceable> to be dropped, based on the
+          setting of BLACKLIST in <ulink
+          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). The
+          <replaceable>address</replaceable> along with any
+          <replaceable>option</replaceable>s are passed to the <command>ipset
+          add</command> command.</para>
+
+          <para>If the <option>disconnect</option> option is specified in the
+          DYNAMIC_BLACKLISTING setting, then the effective VERBOSITY
+          determines the amount of information displayed:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>If the effective verbosity is &gt; 0, then a message
+              giving the number of conntrack flows deleted by the command is
+              displayed.</para>
+            </listitem>
+
+            <listitem>
+              <para>If the effective verbosity is &gt; 1, then the conntrack
+              table entries deleted by the command are also displayed.</para>
+            </listitem>
+          </itemizedlist>
         </listitem>
       </varlistentry>
 
@@ -1553,6 +1604,34 @@
     started.</para>
   </refsect1>
 
+  <refsect1>
+    <title>ENVIRONMENT</title>
+
+    <para>Two environmental variables are recognized by Shorewall-lite:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term>SHOREWALL_INIT_SCRIPT</term>
+
+        <listitem>
+          <para>When set to 1, causes Std out to be redirected to the file
+          specified in the STARTUP_LOG option in <ulink
+          url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>SW_LOGGERTAG</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.8. When set to a non-empty value, that
+          value is passed to the logger utility in its -t (--tag)
+          option.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
   <refsect1>
     <title>FILES</title>
 

Shorewall-lite/shorewall-lite.service.214

@@ -1,21 +0,0 @@
-#
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
-#
-#     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
-#
-[Unit]
-Description=Shorewall IPv4 firewall (lite)
-Wants=network-online.target
-After=network-online.target
-Conflicts=iptables.service firewalld.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=-/etc/sysconfig/shorewall-lite
-StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS stop
-
-[Install]
-WantedBy=basic.target

Shorewall-lite/sysconfig

@@ -0,0 +1,26 @@
+#
+# Global start/restart/reload/stop options
+#
+OPTIONS=""
+
+#
+# Start options
+#
+STARTOPTIONS=""
+
+#
+# Restart options
+#
+RESTARTOPTIONS=""
+
+#
+# Reload options
+#
+RELOADOPTIONS=""
+
+#
+# Stop options
+#
+STOPOPTIONS=""
+
+# EOF

Shorewall-lite/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #
@@ -28,6 +28,7 @@
 
 VERSION=xxx  #The Build script inserts the actual version
 PRODUCT=shorewall-lite
+Product="Shorewall Lite"
 
 usage() # $1 = exit status
 {
@@ -205,14 +206,16 @@ fi
 rm -f ${SBINDIR}/shorewall-lite
 
 rm -rf ${CONFDIR}/shorewall-lite
-rm -rf ${VARDIR}/shorewall-lite
+rm -rf ${VARDIR}
 rm -rf ${SHAREDIR}/shorewall-lite
 rm -rf ${LIBEXECDIR}/shorewall-lite
 rm -f  ${CONFDIR}/logrotate.d/shorewall-lite
 rm -f  ${SYSCONFDIR}/shorewall-lite
 
-rm -f ${MANDIR}/man5/shorewall-lite*
-rm -f ${MANDIR}/man8/shorewall-lite*
+if [ -n "${MANDIR}" ]; then
+    rm -f ${MANDIR}/man5/shorewall-lite*
+    rm -f ${MANDIR}/man8/shorewall-lite*
+fi
 
 echo "Shorewall Lite Uninstalled"
 

Shorewall/Macros/macro.AMQP

@@ -1,12 +1,10 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall -- /usr/share/shorewall/macro.AMQP
 #
-# /usr/share/shorewall/macro.AMQP
-#
-#	This macro handles AMQP traffic.
+# This macro handles AMQP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5672
 PARAM	-	-	udp	5672

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
-#
-#	This macro A_ACCEPTs needed ICMP types
+# This macro audits and accepts needed ICMP types.
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
-#
-#	This macro silently audites and drops DNS UDP replies
+# This macro audits and drops DNS UDP replies.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.A_DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
 #
-# /usr/share/shorewall/macro.A_DropUPnP
-#
-#	This macro silently drops UPnP probes on UDP port 1900
+# This macro audits and drops UPnP probes on UDP port 1900.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.ActiveDir

@@ -1,16 +1,13 @@
 #
-# Shorewall - Samba 4 Macro
-#
-# /usr/share/shorewall/macro.ActiveDir
-#
-#       This macro handles ports for Samba 4 Active Directory Service
-#
-# You can comment out the ports you do not want open
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
 #
+# This macro handles ports for Samba 4 Active Directory Service.
+# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
+# do not want open.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL

Shorewall/Macros/macro.AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
-#
-#	This macro ACCEPTs needed ICMP types
+# This macro ACCEPTs needed ICMP types.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.Amanda

@@ -1,15 +1,12 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
 #
-# /usr/share/shorewall/macro.Amanda
-#
-#	This macro handles connections required by the AMANDA backup system
-#	to back up remote nodes.  It does not provide the ability to restore
-#	files from those nodes.
+# This macro handles connections required by the AMANDA backup system
+# to back up remote nodes.  It does not provide the ability to restore
+# files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
  PARAM	-	-	udp	10080 { helper=amanda }

Shorewall/Macros/macro.Auth

@@ -1,11 +1,9 @@
 #
-# Shorewall - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
 #
-# /usr/share/shorewall/macro.Auth
-#
-#	This macro handles Auth (identd) traffic.
+# This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	113

Shorewall/Macros/macro.BGP

@@ -1,11 +1,9 @@
 #
-# Shorewall - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
 #
-# /usr/share/shorewall/macro.BGP
-#
-#	This macro handles BGP4 traffic.
+# This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	179	# BGP4

Shorewall/Macros/macro.BLACKLIST

@@ -1,13 +1,11 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall -- /usr/share/shorewall/macro.blacklist
 #
-# /usr/share/shorewall/macro.blacklist
-#
-#	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else

Shorewall/Macros/macro.BitTorrent

@@ -1,19 +1,16 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
 #
-# /usr/share/shorewall/macro.BitTorrent
+# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
-#	This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
-#
-#	If you are running BitTorrent 3.2 or later, you should use the
-#	BitTorrent32 macro.
+# If you are running BitTorrent 3.2 or later, you should use the
+# BitTorrent32 macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.BitTorrent32

@@ -1,16 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
 #
-# /usr/share/shorewall/macro.BitTorrent32
-#
-#	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
+# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.CVS

@@ -1,11 +1,9 @@
 #
-# Shorewall - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
 #
-# /usr/share/shorewall/macro.CVS
-#
-#	This macro handles connections to the CVS pserver.
+# This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2401

Shorewall/Macros/macro.Citrix

@@ -1,14 +1,12 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
 #
-# /usr/share/shorewall/macro.Citrix
-#
-#	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-#	ICA Session Reliability)
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
+# ICA Session Reliability)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty

Shorewall/Macros/macro.DAAP

@@ -1,13 +1,11 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
 #
-# /usr/share/shorewall/macro.DAAP
-#
-#	This macro handles DAAP (Digital Audio Access Protocol) traffic.
-#	The protocol is used by iTunes, Rythmbox and other similar daemons.
+# This macro handles DAAP (Digital Audio Access Protocol) traffic.
+# The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689

Shorewall/Macros/macro.DCC

@@ -1,12 +1,10 @@
 #
-# Shorewall - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
 #
-# /usr/share/shorewall/macro.DCC
-#
-#	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-#	DCC is a distributed spam filtering mechanism.
+# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
+# DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	6277

Shorewall/Macros/macro.DHCPfwd

@@ -1,12 +1,10 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
 #
-# /usr/share/shorewall/macro.DHCPfwd
-#
-#	This macro (bidirectional) handles forwarded DHCP traffic
+# This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP

Shorewall/Macros/macro.DNS

@@ -1,12 +1,10 @@
 #
-# Shorewall - DNS Macro
+# Shorewall --  /usr/share/shorewall/macro.DNS
 #
-# /usr/share/shorewall/macro.DNS
-#
-#	This macro handles DNS traffic.
+# This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53

Shorewall/Macros/macro.Distcc

@@ -1,11 +1,9 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
 #
-# /usr/share/shorewall/macro.Distcc
-#
-#	This macro handles connections to the Distributed Compiler service.
+# This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3632

Shorewall/Macros/macro.Drop

@@ -1,18 +1,15 @@
 #
-# Shorewall - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
 #
-# /usr/share/shorewall/macro.Drop
+# This macro generates the same rules as the Drop default action
+# It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Drop default action
-#	It is used in place of action.Drop when USE_ACTIONS=No.
+# Example:
 #
-#	Example:
-#
-#		Drop	net	all
+#	Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
 # Don't log 'auth' DROP
 #

Shorewall/Macros/macro.DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
-# /usr/share/shorewall/macro.DropDNSrep
-#
-#	This macro silently drops DNS UDP replies
+# This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
 #
-# /usr/share/shorewall/macro.DropUPnP
-#
-#	This macro silently drops UPnP probes on UDP port 1900
+# This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.Edonkey

@@ -1,34 +1,31 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
 #
-# /usr/share/shorewall/macro.Edonkey
+# This macro handles Edonkey traffic.
 #
-#	This macro handles Edonkey traffic.
+# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+# says to use udp 5737 rather than 4665.
 #
+# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-#	says to use udp 5737 rather than 4665.
+# 4661 TCP (outgoing) Port, on which a server listens for connection
+# (defined by server).
 #
-#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
+# 4665 UDP (outgoing) used for global server searches and global source
+# queries. This is always Server TCP port (in this case 4661) + 4.
 #
-#	4661 TCP (outgoing) Port, on which a server listens for connection
-#	(defined by server).
+# 4662 TCP (outgoing and incoming) Client to client transfers.
 #
-#	4665 UDP (outgoing) used for global server searches and global source
-#	queries. This is always Server TCP port (in this case 4661) + 4.
+# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+# Rating, File Reask Ping
 #
-#	4662 TCP (outgoing and incoming) Client to client transfers.
+# 4711 TCP WebServer listening port.
 #
-#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-#	Rating, File Reask Ping
-#
-#	4711 TCP WebServer listening port.
-#
-#	4712 TCP External Connection port. Used to communicate aMule with other
-#	applications such as aMule WebServer or aMuleCMD.
+# 4712 TCP External Connection port. Used to communicate aMule with other
+# applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665

Shorewall/Macros/macro.FTP

@@ -1,13 +1,11 @@
 #
-# Shorewall - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
 #
-# /usr/share/shorewall/macro.FTP
-#
-#	This macro handles FTP traffic.
+# This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
  PARAM	-	-	tcp	21 { helper=ftp }
 ?else

Shorewall/Macros/macro.Finger

@@ -1,12 +1,10 @@
 #
-# Shorewall - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
-#
-#	This macro handles Finger protocol. You should not generally open
-#	your finger information to internet.
+# This macro handles Finger protocol.
+# You should not generally open your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	79

Shorewall/Macros/macro.GNUnet

@@ -1,13 +1,11 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
 #
-# /usr/share/shorewall/macro.GNUnet
-#
-#	This macro handles GNUnet (secure peer-to-peer networking) traffic.
+# This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080

Shorewall/Macros/macro.GRE

@@ -1,13 +1,10 @@
 #
-# Shorewall - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
-#
-#	This macro (bi-directional) handles Generic Routing Encapsulation
-#	traffic (RFC 1701)
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE

Shorewall/Macros/macro.Git

@@ -1,11 +1,9 @@
 #
-# Shorewall - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
 #
-# /usr/share/shorewall/macro.Git
-#
-#	This macro handles Git traffic.
+# This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	9418

Shorewall/Macros/macro.Gnutella

@@ -1,12 +1,10 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall -- /usr/share/shorewall/macro.Gnutella
 #
-# /usr/share/shorewall/macro.Gnutella
-#
-#	This macro handles Gnutella traffic.
+# This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346

Shorewall/Macros/macro.Goto-Meeting

@@ -1,12 +1,11 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
 #
-# /usr/share/shorewall/macro.Goto-Meeting
-#          by Eric Teeter
-#       This macro handles Citrix/Goto Meeting
-#       Assumes that ports 80 and 443 are already open
-#       If needed, use the macros that open Http and Https to reduce redundancy
-####################################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
+# This macro handles Citrix/Goto Meeting.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM      -    -       tcp     8200    # Goto Meeting only needed outbound
+HTTP
+HTTPS

Shorewall/Macros/macro.HKP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HKP Macro
+# Shorewall -- /usr/share/shorewall/macro.HKP
 #
-# /usr/share/shorewall/macro.HKP
-#
-#	This macro handles OpenPGP HTTP keyserver protocol traffic.
+# This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	11371

Shorewall/Macros/macro.HTTP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTP
 #
-# /usr/share/shorewall/macro.HTTP
-#
-#	This macro handles plaintext HTTP (WWW) traffic.
+# This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	80

Shorewall/Macros/macro.HTTPS

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTPS
 #
-# /usr/share/shorewall/macro.HTTPS
-#
-#	This macro handles HTTPS (WWW over SSL) traffic.
+# This macro handles HTTPS (WWW over TLS) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	443

Shorewall/Macros/macro.ICPV2

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall - /usr/share/shorewall/macro.ICPV2
 #
-# /usr/share/shorewall/macro.ICPV2
-#
-#	This macro handles Internet Cache Protocol V2 (Squid) traffic
+# This macro handles Internet Cache Protocol V2 (Squid) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	3130

Shorewall/Macros/macro.ICQ

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall -- /usr/share/shorewall/macro.ICQ
 #
-# /usr/share/shorewall/macro.ICQ
-#
-#	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
+# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5190

Shorewall/Macros/macro.ILO

@@ -1,15 +1,13 @@
 #
-# Shorewall - ILO Macro
+# Shorewall -- /usr/share/shorewall/macro.ILO
 #
-# /usr/share/shorewall/macro.ILO
-#
-#	This macro handles console redirection with HP ILO 2+,
-#	Use this macro to open access to your ILO interface from management
-#	workstations.
+# This macro handles console redirection with HP ILO 2+,
+# Use this macro to open access to your ILO interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media

Shorewall/Macros/macro.IMAP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAP
 #
-# /usr/share/shorewall/macro.IMAP
-#
-#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
-#	see macro.IMAPS.
+# This macro handles plaintext and STARTTLS IMAP traffic.
+# For SSL (TLS) IMAP, see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	143

Shorewall/Macros/macro.IMAPS

@@ -1,12 +1,11 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAPS
 #
-# /usr/share/shorewall/macro.IMAPS
-#
-#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
-#	(not recommended), see macro.IMAP.
+# This macro handles SSL (TLS) IMAP traffic.
+# For plaintext (not recommended) and STARTLS (recommended) IMAP see
+# macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	993

Shorewall/Macros/macro.IPIP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPIP
 #
-# /usr/share/shorewall/macro.IPIP
-#
-#	This macro (bidirectional) handles IPIP capsulation traffic
+# This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP

Shorewall/Macros/macro.IPMI

@@ -1,16 +1,15 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall -- /usr/share/shorewall/macro.IPMI
 #
-# /usr/share/shorewall/macro.IPMI
-#
-#	This macro handles IPMI console redirection with Asus (AMI),
-#	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
-#	Use this macro to open access to your IPMI interface from management
-#	workstations.
+# This macro handles IPMI console redirection with RMCP protocol.
+# Tested to work with with Asus (AMI),
+# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
+# Use this macro to open access to your IPMI interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
 PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)

Shorewall/Macros/macro.IPP

@@ -1,11 +1,9 @@
 #
-# Shorewall - IPP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPP
 #
-# /usr/share/shorewall/macro.IPP
-#
-#	This macro handles Internet Printing Protocol (IPP).
+# This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	631

Shorewall/Macros/macro.IPPbrd

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPbrd
 #
-# /usr/share/shorewall/macro.IPPbrd
-#
-#	This macro handles Internet Printing Protocol (IPP) broadcasts.
-#       If you also need to handle TCP 631 connections in the opposite
-#       direction, use the IPPserver Macro
+# This macro handles Internet Printing Protocol (IPP) broadcasts.
+# If you also need to handle TCP 631 connections in the opposite
+# direction, use the IPPserver Macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	631

Shorewall/Macros/macro.IPPserver

@@ -1,29 +1,28 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPserver
 #
-# /usr/share/shorewall/macro.IPPserver
+# This macro handles Internet Printing Protocol (IPP), indicating
+# that DEST is a printing server for SOURCE.  The macro allows
+# print queue broadcasts from the server to the client, and
+# printing connections from the client to the server.
 #
-#	This macro handles Internet Printing Protocol (IPP), indicating
-#	that DEST is a printing server for SOURCE.  The macro allows
-#	print queue broadcasts from the server to the client, and
-#	printing connections from the client to the server.
+# Example usage on a single-interface firewall which is a print client:
 #
-#	Example usage on a single-interface firewall which is a print
-#	client:
-#		IPPserver/ACCEPT $FW net
+#	IPPserver(ACCEPT)	$FW	net
 #
-#	Example for a two-interface firewall which acts as a print
-#	server for loc:
-#		IPPserver/ACCEPT loc $FW
+# Example for a two-interface firewall which acts as a print server for loc:
 #
-#	NOTE: If you want both to serve requests for local printers and
-#	listen to requests for remote printers (i.e. your CUPS server is
-#	also a client), you need to apply the rule twice, e.g.
-#		IPPserver/ACCEPT loc $FW
-#		IPPserver/ACCEPT $FW loc
+#	IPPserver(ACCEPT)	loc	$FW
+#
+# NOTE: If you want both to serve requests for local printers and listen to
+# requests for remote printers (i.e. your CUPS server is also a client),
+# you need to apply the rule twice, e.g.
+#
+#	IPPserver(ACCEPT)	loc	$FW
+#	IPPserver(ACCEPT)	$FW	loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631

Shorewall/Macros/macro.IPsec

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsec
 #
-# /usr/share/shorewall/macro.IPsec
-#
-#	This macro (bidirectional) handles IPsec traffic
+# This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecah

@@ -1,14 +1,12 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecah
 #
-# /usr/share/shorewall/macro.IPsecah
-#
-#	This macro (bidirectional) handles IPsec authentication (AH) traffic.
-#       This is insecure. You should use ESP with encryption for security.
+# This macro (bidirectional) handles IPsec authentication (AH) traffic.
+# This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecnat

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecnat
 #
-# /usr/share/shorewall/macro.IPsecnat
-#
-#	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
+# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP

Shorewall/Macros/macro.IRC

@@ -1,13 +1,10 @@
 #
-# Shorewall IRC Macro
+# Shorewall -- /usr/share/shorewall/macro.IRC
 #
-# /usr/share/shorewall/macro.IRC
-#
-#	This macro handles IRC traffic (Internet Relay Chat).
+# This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
  PARAM	-	-	tcp	6667 { helper=irc }

Shorewall/Macros/macro.JAP

@@ -1,17 +1,14 @@
 #
-# Shorewall - JAP Macro
+# Shorewall -- /usr/share/shorewall/macro.JAP
 #
-# /usr/share/shorewall/macro.JAP
-#
-#	This macro handles JAP Anon Proxy traffic.  This macro is for
-#	administrators running a Mix server.  It is NOT for people trying
-#	to browse anonymously!
+# This macro handles JAP Anon Proxy Mix server traffic.
+# It is NOT for people trying to browse anonymously!
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
-HTTPS(PARAM)
-SSH(PARAM)
+HTTPS
+SSH

Shorewall/Macros/macro.Jabber

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall -- /usr/share/shorewall/macro.Jabber
 #
-# /usr/share/shorewall/macro.Jabber
-#
-#	This macro accepts Jabber traffic.
+# This macro handles Jabber traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5222

Shorewall/Macros/macro.JabberPlain

@@ -1,12 +1,9 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberPlain
 #
-# /usr/share/shorewall/macro.JabberPlain
-#
-#	This macro accepts Jabber traffic (plaintext). This macro is
-#	deprecated - use of macro.Jabber instead is recommended.
+# This macro is deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 Jabber

Shorewall/Macros/macro.JabberSecure

@@ -1,13 +1,9 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberSecure
 #
-# /usr/share/shorewall/macro.JabberSecure
-#
-#	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
-#	is deprecated, please configure Jabber with STARTTLS and use
-#	Jabber macro instead.
+# This macro handles deprecated Jabber (SSL) traffic. Use STARTTLS instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5223

Shorewall/Macros/macro.Jabberd

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall -- /usr/share/shorewall/macro.Jabberd
 #
-# /usr/share/shorewall/macro.Jabberd
-#
-#	This macro accepts Jabberd intercommunication traffic
+# This macro handles Jabberd intercommunication traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5269

Shorewall/Macros/macro.Jetdirect

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall -- /usr/share/shorewall/macro.Jetdirect
 #
-# /usr/share/shorewall/macro.Jetdirect
-#
-#	This macro handles HP Jetdirect printing.
+# This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	9100

Shorewall/Macros/macro.Kerberos

@@ -1,12 +1,10 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall -- /usr/share/shorewall/macro.Kerberos
 #
-# /usr/share/shorewall/macro.Kerberos
-#
-#	This macro handles Kerberos traffic.
+# This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88

Shorewall/Macros/macro.L2TP

@@ -1,13 +1,11 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall -- /usr/share/shorewall/macro.L2TP
 #
-# /usr/share/shorewall/macro.L2TP
-#
-#	This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
-#	(RFC 2661)
+# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic.
+# (RFC 2661)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP

Shorewall/Macros/macro.LDAP

@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAP
 #
-# /usr/share/shorewall/macro.LDAP
-#
-#	This macro handles plaintext LDAP traffic.  For encrypted LDAP
-#	traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
+# This macro handles plaintext LDAP traffic. For encrypted LDAP
+# traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP.  Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	389

Shorewall/Macros/macro.LDAPS

@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAPS
 #
-# /usr/share/shorewall/macro.LDAPS
-#
-#	This macro handles encrypted LDAP traffic.  For plaintext LDAP
-#	traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
+# This macro handles encrypted LDAP traffic.  For plaintext LDAP
+# traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP.  Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	636

Shorewall/Macros/macro.MSA

@@ -0,0 +1,9 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.MSA
+#
+# This macro handles mail message submission agent (MSA) traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	587

Shorewall/Macros/macro.MSNP

@@ -1,11 +1,9 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall - /usr/share/shorewall/macro.MSNP
 #
-# /usr/share/shorewall/macro.MSNP
-#
-#	This macro handles MSNP (MicroSoft Notification Protocol)
+# This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1863

Shorewall/Macros/macro.MSSQL

@@ -1,12 +1,10 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MSSQL
 #
-# /usr/share/shorewall/macro.MSSQL
-#
-#	This macro handles MSSQL (Microsoft SQL Server)
+# This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1433
 PARAM	-	-	udp	1434

Shorewall/Macros/macro.Mail

@@ -1,19 +1,17 @@
 #
-# Shorewall - Mail Macro
+# Shorewall -- /usr/share/shorewall/macro.Mail
 #
-# /usr/share/shorewall/macro.Mail
+# This macro handles SMTP (email secure and insecure) traffic.
+# It's the aggregate of macro.SMTP, macro.SMTPS, macro.MSA.
 #
-#	This macro handles SMTP (email secure and insecure) traffic.
-#	It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3 or IMAP macros.
+# Note: This macro handles traffic between an MUA (Email client)
+# and an MTA (mail server) or between MTAs. It does not enable
+# reading of email via POP3 or IMAP. For those you need to use
+# the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	tcp	25
-PARAM	-	-	tcp	465
-PARAM	-	-	tcp	587
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+SMTP
+SMTPS
+MSA

Shorewall/Macros/macro.MongoDB

@@ -1,11 +1,9 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall -- /usr/share/shorewall/macro.MongoDB
 #
-# /usr/share/shorewall/macro.MongoDB
-#
-#	This macro handles MongoDB Daemon/Router traffic.
+# This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	27017

Shorewall/Macros/macro.Munin

@@ -1,11 +1,9 @@
 #
-# Shorewall - Munin Macro
+# Shorewall -- /usr/share/shorewall/macro.Munin
 #
-# /usr/share/shorewall/macro.Munin
-#
-#	This macro handles Munin networked resource monitoring traffic
+# This macro handles Munin networked resource monitoring traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	4949

Shorewall/Macros/macro.MySQL

@@ -1,11 +1,9 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MySQL
 #
-# /usr/share/shorewall/macro.MySQL
-#
-#	This macro handles connections to the MySQL server.
+# This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3306

Shorewall/Macros/macro.NNTP

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTP
 #
-# /usr/share/shorewall/macro.NNTP
-#
-#	This macro handles plaintext NNTP traffic (Usenet).  For
-#	encrypted NNTP, see macro.NNTPS.
+# This macro handles plaintext NNTP traffic (Usenet).
+# For encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	119

Shorewall/Macros/macro.NNTPS

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTPS
 #
-# /usr/share/shorewall/macro.NNTPS
-#
-#	This macro handles encrypted NNTP traffic (Usenet).  For
-#	plaintext NNTP, see macro.NNTP.
+# This macro handles encrypted NNTP traffic (Usenet).
+# For plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	563

Shorewall/Macros/macro.NTP

@@ -1,12 +1,10 @@
 #
-# Shorewall - NTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NTP
 #
-# /usr/share/shorewall/macro.NTP
-#
-#	This macro handles NTP traffic (ntpd).
-#	For broadcast NTP traffic, use NTPbrd Macro.
+# This macro handles NTP traffic.
+# For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	123