Save/restore nat OUTPUT jump to DOCKER

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Core Modules
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #

Shorewall-core/lib.cli

@@ -266,7 +266,7 @@ search_log() # $1 = IP address to search for
 #
 # Show traffic control information
 #
-show_tc() {
+show_tc1() {
 
     show_one_tc() {
 	local device
@@ -292,6 +292,19 @@ show_tc() {
 
 }
 
+show_tc() {
+    echo "$g_product $SHOREWALL_VERSION Traffic Control at $g_hostname - $(date)"
+    echo
+    shift
+
+    if [ -z "$1" ]; then
+	$g_tool -t mangle -L -n -v | $output_filter
+	echo
+    fi
+
+    show_tc1 $1
+}
+
 #
 # Show classifier information
 #
@@ -928,6 +941,202 @@ show_actions() {
 	grep -Ev '^\#|^$' ${g_sharedir}/actions.std
     fi
 }
+
+show_chain() {
+    echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $g_hostname - $(date)"
+    echo
+    show_reset
+    if [ $# -gt 0 ]; then
+	for chain in $*; do
+	    $g_tool -t $table -L $chain $g_ipt_options | $output_filter
+	    echo
+	done
+    else
+	$g_tool -t $table -L $g_ipt_options | $output_filter
+    fi
+}
+
+show_chains() {
+    echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $g_hostname - $(date)"
+    echo
+    show_reset
+    for chain in $*; do
+	$g_tool -t $table -L $chain $g_ipt_options | $output_filter
+	echo
+    done
+}
+
+show_table() {
+    echo "$g_product $SHOREWALL_VERSION $table Table at $g_hostname - $(date)"
+    echo
+    show_reset
+    $g_tool -t $table -L $g_ipt_options | $output_filter
+}
+
+show_nat() {
+    echo "$g_product $SHOREWALL_VERSION NAT Table at $g_hostname - $(date)"
+    echo
+    show_reset
+    $g_tool -t nat -L $g_ipt_options | $output_filter
+}
+
+show_raw() {
+    echo "$g_product $SHOREWALL_VERSION RAW Table at $g_hostname - $(date)"
+    echo
+    show_reset
+    $g_tool -t raw -L $g_ipt_options | $output_filter
+}
+
+show_rawpost() {
+    echo "$g_product $SHOREWALL_VERSION RAWPOST Table at $g_hostname - $(date)"
+    echo
+    show_reset
+    $g_tool -t rawpost -L $g_ipt_options | $output_filter
+}
+
+show_mangle() {
+    echo "$g_product $SHOREWALL_VERSION Mangle Table at $g_hostname - $(date)"
+    echo
+    show_reset
+    $g_tool -t mangle -L $g_ipt_options | $output_filter
+}
+
+show_classifiers_command() {
+    echo "$g_product $SHOREWALL_VERSION Classifiers at $g_hostname - $(date)"
+    echo
+    show_classifiers
+}
+
+show_ip_addresses() {
+    echo "$g_product $SHOREWALL_VERSION IP at $g_hostname - $(date)"
+    echo
+    ip -$g_family addr list
+}
+
+show_routing_command() {
+    echo "$g_product $SHOREWALL_VERSION Routing at $g_hostname - $(date)"
+    echo
+    show_routing
+}
+
+show_policies() {
+    echo "$g_product $SHOREWALL_VERSION Policies at $g_hostname - $(date)"
+    echo
+    [ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies
+}
+
+show_ipa() {
+    echo "$g_product $SHOREWALL_VERSION per-IP Accounting at $g_hostname - $(date)"
+    echo
+    perip_accounting
+}
+
+show_arptables() {
+    echo "$g_product $SHOREWALL_VERSION arptables at $g_hostname - $(date)"
+    echo
+    $arptables -L -n -v
+}
+
+show_log() {
+    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
+    echo
+    show_reset
+    host=$(echo $g_hostname | sed 's/\..*$//')
+
+    if [ $# -eq 2 ]; then
+	eval search_log $2
+    elif [ -n "$g_pager" ]; then
+	packet_log 100
+    else
+	packet_log 20
+    fi
+}
+
+show_connections() {
+    if [ $g_family -eq 4 ]; then
+	if [ -d /proc/sys/net/netfilter/ ]; then
+	    local count
+	    local max
+	    count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+	    max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+	    echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
+	else
+	    echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
+	fi
+
+	echo
+
+	if qt mywhich conntrack ; then
+	    shift
+	    conntrack -f ipv4 -L $@ | show_connections_filter
+	else
+	    [ $# -gt 1 ] && usage 1
+	    if [ -f /proc/net/ip_conntrack ]; then
+		cat /proc/net/ip_conntrack | show_connections_filter
+	    else
+		grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
+	    fi
+	fi
+    elif qt mywhich conntrack ; then
+	shift
+	echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
+	echo
+	conntrack -f ipv6 -L $@ | show_connections_filter
+    else
+	[ $# -gt 1 ] && usage 1
+	if [ -f /proc/sys/net/netfilter/nf_conntrack_count -a -f /proc/sys/net/nf_conntrack ]; then
+	    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
+	    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
+	    echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
+	    echo
+	    grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
+	fi
+    fi
+}
+
+show_nfacct_command() {
+    echo "$g_product $SHOREWALL_VERSION NF Accounting at $g_hostname - $(date)"
+    echo
+    show_nfacct
+}
+
+show_events_command() {
+    echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
+    echo
+    show_events
+}
+
+show_blacklists() {
+    echo "$g_product $SHOREWALL_VERSION blacklist chains at $g_hostname - $(date)"
+    echo
+    show_bl;
+}
+
+show_actions_sorted() {
+    show_actions | sort
+}
+
+show_macros() {
+    for directory in $(split $CONFIG_PATH); do
+	temp=
+	for macro in ${directory}/macro.*; do
+	    case $macro in
+		*\*)
+                ;;
+		*)
+		    if [ -z "$temp" ]; then
+			echo
+			echo "Macros in $directory:"
+			echo
+			temp=Yes
+		    fi
+		    show_macro
+		    ;;
+	    esac
+	done
+    done
+}
+
 #
 # Show Command Executor
 #
@@ -941,6 +1150,7 @@ show_command() {
     local output_filter
     output_filter=cat
     local arptables
+    local macro
 
     show_macro() {
 	foo=`grep 'This macro' $macro | sed 's/This macro //'`
@@ -1041,108 +1251,37 @@ show_command() {
 
     case "$1" in
 	connections)
-	    if [ $g_family -eq 4 ]; then
-		if [ -d /proc/sys/net/netfilter/ ]; then
-		    local count
-		    local max
-		    count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
-		    max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
-		    echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
-		else
-		    echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
-		fi
-
-		echo
-
-		if qt mywhich conntrack ; then
-		    shift
-		    conntrack -f ipv4 -L $@ | show_connections_filter
-		else
-		    [ $# -gt 1 ] && usage 1
-		    if [ -f /proc/net/ip_conntrack ]; then
-			cat /proc/net/ip_conntrack | show_connections_filter
-		    else
-			grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
-		    fi
-	        fi
-	    elif qt mywhich conntrack ; then
-		shift
-		echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
-		echo
-		conntrack -f ipv6 -L $@ | show_connections_filter
-	    else
-		[ $# -gt 1 ] && usage 1
-		if [ -f /proc/sys/net/netfilter/nf_conntrack_count -a -f /proc/sys/net/nf_conntrack ]; then
-		    local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
-		    local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
-		    echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
-		    echo
-		    grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
-		fi
-	    fi
+	    eval show_connections $@ $g_pager
 	    ;;
 	nat)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION NAT Table at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    $g_tool -t nat -L $g_ipt_options | $output_filter
+	    eval show_nat $g_pager
 	    ;;
 	raw)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION RAW Table at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    $g_tool -t raw -L $g_ipt_options | $output_filter
+	    eval show_raw $g_pager
 	    ;;
 	rawpost)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION RAWPOST Table at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    $g_tool -t rawpost -L $g_ipt_options | $output_filter
+	    eval show_rawpost $g_pager
 	    ;;
 	tos|mangle)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION Mangle Table at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    $g_tool -t mangle -L $g_ipt_options | $output_filter
+	    eval show_mangle $g_pager
 	    ;;
 	log)
 	    [ $# -gt 2 ] && usage 1
 
 	    setup_logread
-
-	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    host=$(echo $g_hostname | sed 's/\..*$//')
-
-	    if [ $# -eq 2 ]; then
-		search_log $2
-	    else
-		packet_log 20
-	    fi
+	    eval show_log $g_pager
 	    ;;
 	tc)
 	    [ $# -gt 2 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION Traffic Control at $g_hostname - $(date)"
-	    echo
-	    shift
-
-	    if [ -z "$1" ]; then
-		$g_tool -t mangle -L -n -v | $output_filter
-		echo
-	    fi
-
-	    show_tc $1
+	    eval show_tc $@ $g_pager
 	    ;;
 	classifiers|filters)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION Classifiers at $g_hostname - $(date)"
-	    echo
-	    show_classifiers
+	    eval show_classifiers_command $g_pager
 	    ;;
 	zones)
 	    [ $# -gt 1 ] && usage 1
@@ -1172,22 +1311,18 @@ show_command() {
 	    determine_capabilities
 	    VERBOSITY=2
 	    if [ -n "$g_filemode" ]; then
-		report_capabilities1
+		eval report_capabilities1 $g_pager
 	    else
-		report_capabilities
+		eval report_capabilities $g_pager
 	    fi
 	    ;;
 	ip)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION IP at $g_hostname - $(date)"
-	    echo
-	    ip -$g_family addr list
+	    eval show_ip_addresses $g_pager
 	    ;;
 	routing)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION Routing at $g_hostname - $(date)"
-	    echo
-	    show_routing
+	    eval show_routing_command $g_pager
 	    ;;
 	config)
 	    . ${g_sharedir}/configpath
@@ -1209,33 +1344,19 @@ show_command() {
 	    ;;
 	chain)
 	    shift
-	    echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $g_hostname - $(date)"
-	    echo
-	    show_reset
-	    if [ $# -gt 0 ]; then
-		for chain in $*; do
-		    $g_tool -t $table -L $chain $g_ipt_options | $output_filter
-		    echo
-		done
-	    else
-		$g_tool -t $table -L $g_ipt_options | $output_filter
-	    fi
+	    eval show_chain $@ $g_pager
 	    ;;
 	vardir)
 	    echo $VARDIR;
 	    ;;
 	policies)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION Policies at $g_hostname - $(date)"
-	    echo
-	    [ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies;
+	    eval show_policies $g_pager
 	    ;;
 	ipa)
 	    [ $g_family -eq 4 ] || usage 1
-	    echo "$g_product $SHOREWALL_VERSION per-IP Accounting at $g_hostname - $(date)"
-	    echo
 	    [ $# -gt 1 ] && usage 1
-	    perip_accounting
+	    eval show_ipa $g_pager
 	    ;;
 	marks)
 	    [ $# -gt 1 ] && usage 1
@@ -1245,17 +1366,13 @@ show_command() {
 	    ;;
 	nfacct)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION NF Accounting at $g_hostname - $(date)"
-	    echo
-	    show_nfacct
+	    eval show_nfacct_command $g_pager
 	    ;;
 	arptables)
 	    [ $# -gt 1 ] && usage 1
 	    resolve_arptables
 	    if [ -n "$arptables" -a -x $arptables ]; then
-		echo "$g_product $SHOREWALL_VERSION arptables at $g_hostname - $(date)"
-		echo
-		$arptables -L -n -v
+		eval show_arptables $g_pager
 	    else
 		error_message "Cannot locate the arptables executable"
 	    fi
@@ -1269,15 +1386,11 @@ show_command() {
 	    ;;
 	events)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
-	    echo
-	    show_events
+	    eval show_events_command $g_pager
 	    ;;
 	bl|blacklists)
 	    [ $# -gt 1 ] && usage 1
-	    echo "$g_product $SHOREWALL_VERSION blacklist chains at $g_hostname - $(date)"
-	    echo
-	    show_bl;
+	    eval show_blacklists $g_pager
 	    ;;
 	opens)
 	    [ $# -gt 1 ] && usage 1
@@ -1297,7 +1410,7 @@ show_command() {
 		    case $1 in
 			actions)
 			    [ $# -gt 1 ] && usage 1
-			    show_actions | sort
+			    eval show_actions_sorted $g_pager
 			    return
 			    ;;
 			macro)
@@ -1314,25 +1427,7 @@ show_command() {
 			    ;;
 			macros)
 			    [ $# -gt 1 ] && usage 1
-
-			    for directory in $(split $CONFIG_PATH); do
-				temp=
-				for macro in ${directory}/macro.*; do
-				    case $macro in
-					*\*)
-                                            ;;
-					*)
-				            if [ -z "$temp" ]; then
-						echo
-						echo "Macros in $directory:"
-						echo
-						temp=Yes
-					    fi
-					    show_macro
-					    ;;
-				    esac
-				done
-			    done
+			    eval show_macros $g_pager
 			    return
 			    ;;
 		    esac
@@ -1352,20 +1447,11 @@ show_command() {
 			error_message "ERROR: Chain '$chain' is not recognized by $g_tool."
 			exit 1
 		    fi
-		done
+					 done
 
-		echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $g_hostname - $(date)"
-		echo
-		show_reset
-		for chain in $*; do
-		    $g_tool -t $table -L $chain $g_ipt_options | $output_filter
-		    echo
-		done
+		eval show_chains $@ $g_pager
 	    else
-		echo "$g_product $SHOREWALL_VERSION $table Table at $g_hostname - $(date)"
-		echo
-		show_reset
-		$g_tool -t $table -L $g_ipt_options | $output_filter
+		eval show_table $g_pager
 	    fi
 	    ;;
     esac
@@ -1416,12 +1502,16 @@ dump_filter() {
 		;;
 	esac
 
-	$command $filter
+	eval $command $filter $g_pager
     else
 	cat -
     fi
 }
 
+dump_filter_wrapper() {
+    eval dump_filter $g_pager
+}
+
 #
 # Dump Command Executor
 #
@@ -1632,14 +1722,14 @@ do_dump_command() {
 
     if [ -n "$TC_ENABLED" ]; then
 	heading "Traffic Control"
-	show_tc
+	show_tc1
 	heading "TC Filters"
 	show_classifiers
 	fi
 }
 
 dump_command() {
-    do_dump_command $@ | dump_filter
+    do_dump_command $@ | dump_filter_wrapper
 }
 
 #
@@ -3699,6 +3789,23 @@ get_config() {
 
     g_loopback=$(find_loopback_interfaces)
 
+    if [ -n "$PAGER" -a -t 1 ]; then
+	case $PAGER in
+	    /*)
+		g_pager="$PAGER"
+		[ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
+		;;
+	    *)
+		g_pager=$(mywhich pager 2> /dev/null)
+		[ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
+		;;
+	esac
+
+	[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
+
+	g_pager="| $g_pager"
+     fi
+
     lib=$(find_file lib.cli-user)
 
     [ -f $lib ] && . $lib
@@ -4039,6 +4146,7 @@ shorewall_cli() {
     g_counters=
     g_loopback=
     g_compiled=
+    g_pager=
 
     VERBOSE=
     VERBOSITY=1

Shorewall-core/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://www.shorewall.net
 #

Shorewall-init/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Init
 #
-#     (c) 2000-20114 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #     (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
 #
 #       Shorewall documentation is available at http://shorewall.net

Shorewall-init/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #

Shorewall-lite/install.sh

@@ -2,7 +2,7 @@
 #
 # Script to install Shoreline Firewall Lite
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.net
 #

Shorewall-lite/uninstall.sh

@@ -2,7 +2,7 @@
 #
 # Script to back uninstall Shoreline Firewall
 #
-#     (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
 #
 #       Shorewall documentation is available at http://shorewall.sourceforge.net
 #

Shorewall/Macros/macro.AMQP

@@ -1,12 +1,10 @@
 #
-# Shorewall - AMQP Macro
+# Shorewall -- /usr/share/shorewall/macro.AMQP
 #
-# /usr/share/shorewall/macro.AMQP
-#
-#	This macro handles AMQP traffic.
+# This macro handles AMQP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5672
 PARAM	-	-	udp	5672

Shorewall/Macros/macro.A_AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.A_AllowICMPs
 #
-# /usr/share/shorewall/macro.A_AllowICMPs
-#
-#	This macro A_ACCEPTs needed ICMP types
+# This macro audits and accepts needed ICMP types.
 #
 ###############################################################################
-#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#					PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION		SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.A_DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - Audited DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropDNSrep
 #
-# /usr/share/shorewall/macro.A_DropDNSrep
-#
-#	This macro silently audites and drops DNS UDP replies
+# This macro audits and drops DNS UDP replies.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.A_DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - ADropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.A_DropUPnP
 #
-# /usr/share/shorewall/macro.A_DropUPnP
-#
-#	This macro silently drops UPnP probes on UDP port 1900
+# This macro audits and drops UPnP probes on UDP port 1900.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.ActiveDir

@@ -1,16 +1,13 @@
 #
-# Shorewall - Samba 4 Macro
-#
-# /usr/share/shorewall/macro.ActiveDir
-#
-#	This macro handles ports for Samba 4 Active Directory Service
-#
-# You can comment out the ports you do not want open
+# Shorewall -- /usr/share/shorewall/macro.ActiveDir
 #
+# This macro handles ports for Samba 4 Active Directory Service.
+# You can copy this file to /etc/shorewall[6]/ and comment out the ports you
+# do not want open.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM   -       -       tcp     389 	#LDAP services
 PARAM   -       -       udp	389  
 PARAM   -       -       tcp     636	#LDAP SSL

Shorewall/Macros/macro.AllowICMPs

@@ -1,13 +1,10 @@
 #
-# Shorewall - AllowICMPs Macro
+# Shorewall -- /usr/share/shorewall/macro.AllowICMPs
 #
-# /usr/share/shorewall/macro.AllowICMPs
-#
-#	This macro ACCEPTs needed ICMP types
+# This macro ACCEPTs needed ICMP types.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Needed ICMP types
 

Shorewall/Macros/macro.Amanda

@@ -1,15 +1,12 @@
 #
-# Shorewall - Amanda Macro
+# Shorewall -- /usr/share/shorewall/macro.Amanda
 #
-# /usr/share/shorewall/macro.Amanda
-#
-#	This macro handles connections required by the AMANDA backup system
-#	to back up remote nodes.  It does not provide the ability to restore
-#	files from those nodes.
+# This macro handles connections required by the AMANDA backup system
+# to back up remote nodes.  It does not provide the ability to restore
+# files from those nodes.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
  PARAM	-	-	udp	10080 { helper=amanda }

Shorewall/Macros/macro.Auth

@@ -1,11 +1,9 @@
 #
-# Shorewall - Auth Macro
+# Shorewall -- /usr/share/shorewall/macro.Auth
 #
-# /usr/share/shorewall/macro.Auth
-#
-#	This macro handles Auth (identd) traffic.
+# This macro handles Auth (identd) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	113

Shorewall/Macros/macro.BGP

@@ -1,11 +1,9 @@
 #
-# Shorewall - BGP Macro
+# Shorewall -- /usr/share/shorewall/macro.BGP
 #
-# /usr/share/shorewall/macro.BGP
-#
-#	This macro handles BGP4 traffic.
+# This macro handles BGP4 traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	179	# BGP4

Shorewall/Macros/macro.BLACKLIST

@@ -1,13 +1,11 @@
 #
-# Shorewall - blacklist Macro
+# Shorewall -- /usr/share/shorewall/macro.blacklist
 #
-# /usr/share/shorewall/macro.blacklist
-#
-#	This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
+# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 ?if $BLACKLIST_LOGLEVEL
 blacklog
 ?else

Shorewall/Macros/macro.BitTorrent

@@ -1,19 +1,16 @@
 #
-# Shorewall - BitTorrent Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent
 #
-# /usr/share/shorewall/macro.BitTorrent
+# This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
 #
-#	This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier.
-#
-#	If you are running BitTorrent 3.2 or later, you should use the
-#	BitTorrent32 macro.
+# If you are running BitTorrent 3.2 or later, you should use the
+# BitTorrent32 macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.BitTorrent32

@@ -1,16 +1,13 @@
 #
-# Shorewall - BitTorrent 3.2 Macro
+# Shorewall -- /usr/share/shorewall/macro.BitTorrent32
 #
-# /usr/share/shorewall/macro.BitTorrent32
-#
-#	This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
+# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6881:6999
 #
 # It may also be necessary to allow UDP traffic:
 #
 PARAM	-	-	udp	6881
-#

Shorewall/Macros/macro.CVS

@@ -1,11 +1,9 @@
 #
-# Shorewall - CVS Macro
+# Shorewall -- /usr/share/shorewall/macro.CVS
 #
-# /usr/share/shorewall/macro.CVS
-#
-#	This macro handles connections to the CVS pserver.
+# This macro handles connections to the CVS pserver.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2401

Shorewall/Macros/macro.Citrix

@@ -1,14 +1,12 @@
 #
-# Shorewall - Citrix/ICA Macro
+# Shorewall -- /usr/share/shorewall/macro.Citrix
 #
-# /usr/share/shorewall/macro.Citrix
-#
-#	This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
-#	ICA Session Reliability)
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a.
+# ICA Session Reliability)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1494	# ICA
 PARAM	-	-	udp	1604	# ICA Browser
 PARAM	-	-	tcp	2598	# CGP Session Reliabilty

Shorewall/Macros/macro.DAAP

@@ -1,13 +1,11 @@
 #
-# Shorewall - DAAP Macro
+# Shorewall -- /usr/share/shorewall/macro.DAAP
 #
-# /usr/share/shorewall/macro.DAAP
-#
-#	This macro handles DAAP (Digital Audio Access Protocol) traffic.
-#	The protocol is used by iTunes, Rythmbox and other similar daemons.
+# This macro handles DAAP (Digital Audio Access Protocol) traffic.
+# The protocol is used by iTunes, Rythmbox and other similar daemons.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689

Shorewall/Macros/macro.DCC

@@ -1,12 +1,10 @@
 #
-# Shorewall - DCC Macro
+# Shorewall -- /usr/share/shorewall/macro.DCC
 #
-# /usr/share/shorewall/macro.DCC
-#
-#	This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
-#	DCC is a distributed spam filtering mechanism.
+# This macro handles DCC (Distributed Checksum Clearinghouse) traffic.
+# DCC is a distributed spam filtering mechanism.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	6277

Shorewall/Macros/macro.DHCPfwd

@@ -1,12 +1,10 @@
 #
-# Shorewall - DHCPfwd Macro
+# Shorewall -- /usr/share/shorewall/macro.DHCPfwd
 #
-# /usr/share/shorewall/macro.DHCPfwd
-#
-#	This macro (bidirectional) handles forwarded DHCP traffic
+# This macro (bidirectional) handles forwarded DHCP traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	67:68	67:68	# DHCP
 PARAM	DEST	SOURCE	udp	67:68	67:68	# DHCP

Shorewall/Macros/macro.DNS

@@ -1,12 +1,10 @@
 #
-# Shorewall - DNS Macro
+# Shorewall --  /usr/share/shorewall/macro.DNS
 #
-# /usr/share/shorewall/macro.DNS
-#
-#	This macro handles DNS traffic.
+# This macro handles DNS traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53

Shorewall/Macros/macro.Distcc

@@ -1,11 +1,9 @@
 #
-# Shorewall - Distcc Macro
+# Shorewall -- /usr/share/shorewall/macro.Distcc
 #
-# /usr/share/shorewall/macro.Distcc
-#
-#	This macro handles connections to the Distributed Compiler service.
+# This macro handles connections to the Distributed Compiler service.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3632

Shorewall/Macros/macro.Drop

@@ -1,18 +1,15 @@
 #
-# Shorewall - Drop Macro
+# Shorewall -- /usr/share/shorewall/macro.Drop
 #
-# /usr/share/shorewall/macro.Drop
+# This macro generates the same rules as the Drop default action
+# It is used in place of action.Drop when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Drop default action
-#	It is used in place of action.Drop when USE_ACTIONS=No.
+# Example:
 #
-#	Example:
-#
-#		Drop	net	all
+#	Drop	net	all
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
 # Don't log 'auth' DROP
 #

Shorewall/Macros/macro.DropDNSrep

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropDNSrep Macro
+# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
 #
-# /usr/share/shorewall/macro.DropDNSrep
-#
-#	This macro silently drops DNS UDP replies
+# This macro silently drops DNS UDP replies
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT Late DNS Replies
 

Shorewall/Macros/macro.DropUPnP

@@ -1,13 +1,10 @@
 #
-# Shorewall - DropUPnP Macro
+# Shorewall -- /usr/share/shorewall/macro.DropUPnP
 #
-# /usr/share/shorewall/macro.DropUPnP
-#
-#	This macro silently drops UPnP probes on UDP port 1900
+# This macro silently drops UPnP probes on UDP port 1900
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?COMMENT UPnP
 

Shorewall/Macros/macro.Edonkey

@@ -1,34 +1,31 @@
 #
-# Shorewall - Edonkey Macro
+# Shorewall -- /usr/share/shorewall/macro.Edonkey
 #
-# /usr/share/shorewall/macro.Edonkey
+# This macro handles Edonkey traffic.
 #
-#	This macro handles Edonkey traffic.
+# http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
+# says to use udp 5737 rather than 4665.
 #
+# http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
 #
-#	http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm
-#	says to use udp 5737 rather than 4665.
+# 4661 TCP (outgoing) Port, on which a server listens for connection
+# (defined by server).
 #
-#	http://www.amule.org/wiki/index.php/FAQ_ed2k says this:
+# 4665 UDP (outgoing) used for global server searches and global source
+# queries. This is always Server TCP port (in this case 4661) + 4.
 #
-#	4661 TCP (outgoing) Port, on which a server listens for connection
-#	(defined by server).
+# 4662 TCP (outgoing and incoming) Client to client transfers.
 #
-#	4665 UDP (outgoing) used for global server searches and global source
-#	queries. This is always Server TCP port (in this case 4661) + 4.
+# 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
+# Rating, File Reask Ping
 #
-#	4662 TCP (outgoing and incoming) Client to client transfers.
+# 4711 TCP WebServer listening port.
 #
-#	4672 UDP (outgoing and incoming) Extended eMule protocol, Queue
-#	Rating, File Reask Ping
-#
-#	4711 TCP WebServer listening port.
-#
-#	4712 TCP External Connection port. Used to communicate aMule with other
-#	applications such as aMule WebServer or aMuleCMD.
+# 4712 TCP External Connection port. Used to communicate aMule with other
+# applications such as aMule WebServer or aMuleCMD.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665

Shorewall/Macros/macro.FTP

@@ -1,13 +1,11 @@
 #
-# Shorewall - FTP Macro
+# Shorewall -- /usr/share/shorewall/macro.FTP
 #
-# /usr/share/shorewall/macro.FTP
-#
-#	This macro handles FTP traffic.
+# This macro handles FTP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER  )
  PARAM	-	-	tcp	21 { helper=ftp }
 ?else

Shorewall/Macros/macro.Finger

@@ -1,12 +1,10 @@
 #
-# Shorewall - Finger Macro
+# Shorewall -- /usr/share/shorewall/macro.Finger
 #
-# /usr/share/shorewall/macro.Finger
-#
-#	This macro handles Finger protocol. You should not generally open
-#	your finger information to internet.
+# This macro handles Finger protocol.
+# You should not generally open your finger information to internet.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	79

Shorewall/Macros/macro.GNUnet

@@ -1,13 +1,11 @@
 #
-# Shorewall - GNUnet Macro
+# Shorewall -- /usr/share/shorewall/macro.GNUnet
 #
-# /usr/share/shorewall/macro.GNUnet
-#
-#	This macro handles GNUnet (secure peer-to-peer networking) traffic.
+# This macro handles GNUnet (secure peer-to-peer networking) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080

Shorewall/Macros/macro.GRE

@@ -1,13 +1,10 @@
 #
-# Shorewall - GRE Macro
+# Shorewall -- /usr/share/shorewall/macro.GRE
 #
-# /usr/share/shorewall/macro.GRE
-#
-#	This macro (bi-directional) handles Generic Routing Encapsulation
-#	traffic (RFC 1701)
+# This macro (bidirectional) handles Generic Routing Encapsulation (GRE).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE

Shorewall/Macros/macro.Git

@@ -1,11 +1,9 @@
 #
-# Shorewall - Git Macro
+# Shorewall -- /usr/share/shorewall/macro.Git
 #
-# /usr/share/shorewall/macro.Git
-#
-#	This macro handles Git traffic.
+# This macro handles Git traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	9418

Shorewall/Macros/macro.Gnutella

@@ -1,12 +1,10 @@
 #
-# Shorewall - Gnutella Macro
+# Shorewall -- /usr/share/shorewall/macro.Gnutella
 #
-# /usr/share/shorewall/macro.Gnutella
-#
-#	This macro handles Gnutella traffic.
+# This macro handles Gnutella traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346

Shorewall/Macros/macro.Goto-Meeting

@@ -1,12 +1,11 @@
 #
-# Shorewall - Citrix/Goto Meeting macro
+# Shorewall -- /usr/share/shorewall/macro.Goto-Meeting
 #
-# /usr/share/shorewall/macro.Goto-Meeting
-#          by Eric Teeter
-#       This macro handles Citrix/Goto Meeting
-#       Assumes that ports 80 and 443 are already open
-#       If needed, use the macros that open Http and Https to reduce redundancy
-####################################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM      -    -       tcp     8200    # Goto Meeting only needed (TCP outbound)
+# This macro handles Citrix/Goto Meeting.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM      -    -       tcp     8200    # Goto Meeting only needed outbound
+HTTP
+HTTPS

Shorewall/Macros/macro.HKP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HKP Macro
+# Shorewall -- /usr/share/shorewall/macro.HKP
 #
-# /usr/share/shorewall/macro.HKP
-#
-#	This macro handles OpenPGP HTTP keyserver protocol traffic.
+# This macro handles OpenPGP HTTP keyserver protocol traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	11371

Shorewall/Macros/macro.HTTP

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTP Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTP
 #
-# /usr/share/shorewall/macro.HTTP
-#
-#	This macro handles plaintext HTTP (WWW) traffic.
+# This macro handles plaintext HTTP (WWW) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	80

Shorewall/Macros/macro.HTTPS

@@ -1,11 +1,9 @@
 #
-# Shorewall - HTTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.HTTPS
 #
-# /usr/share/shorewall/macro.HTTPS
-#
-#	This macro handles HTTPS (WWW over SSL) traffic.
+# This macro handles HTTPS (WWW over TLS) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	443

Shorewall/Macros/macro.ICPV2

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICPV2 Macro
+# Shorewall - /usr/share/shorewall/macro.ICPV2
 #
-# /usr/share/shorewall/macro.ICPV2
-#
-#	This macro handles Internet Cache Protocol V2 (Squid) traffic
+# This macro handles Internet Cache Protocol V2 (Squid) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	3130

Shorewall/Macros/macro.ICQ

@@ -1,11 +1,9 @@
 #
-# Shorewall - ICQ Macro
+# Shorewall -- /usr/share/shorewall/macro.ICQ
 #
-# /usr/share/shorewall/macro.ICQ
-#
-#	This macro handles ICQ, now called AOL Instant Messenger (or AIM).
+# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5190

Shorewall/Macros/macro.ILO

@@ -1,15 +1,13 @@
 #
-# Shorewall - ILO Macro
+# Shorewall -- /usr/share/shorewall/macro.ILO
 #
-# /usr/share/shorewall/macro.ILO
-#
-#	This macro handles console redirection with HP ILO 2+,
-#	Use this macro to open access to your ILO interface from management
-#	workstations.
+# This macro handles console redirection with HP ILO 2+,
+# Use this macro to open access to your ILO interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3002		# Raw serial data
 PARAM	-	-	tcp	9300		# Shared Remote Console
 PARAM	-	-	tcp	17988		# Virtual Media

Shorewall/Macros/macro.IMAP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IMAP Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAP
 #
-# /usr/share/shorewall/macro.IMAP
-#
-#	This macro handles plaintext IMAP traffic.  For encrypted IMAP,
-#	see macro.IMAPS.
+# This macro handles plaintext and STARTTLS IMAP traffic.
+# For SSL (TLS) IMAP, see macro.IMAPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	143

Shorewall/Macros/macro.IMAPS

@@ -1,12 +1,11 @@
 #
-# Shorewall - IMAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.IMAPS
 #
-# /usr/share/shorewall/macro.IMAPS
-#
-#	This macro handles encrypted IMAP traffic.  For plaintext IMAP
-#	(not recommended), see macro.IMAP.
+# This macro handles SSL (TLS) IMAP traffic.
+# For plaintext (not recommended) and STARTLS (recommended) IMAP see
+# macro.IMAP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	993

Shorewall/Macros/macro.IPIP

@@ -1,12 +1,10 @@
 #
-# Shorewall - IPIP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPIP
 #
-# /usr/share/shorewall/macro.IPIP
-#
-#	This macro (bidirectional) handles IPIP capsulation traffic
+# This macro (bidirectional) handles IPIP capsulation traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP

Shorewall/Macros/macro.IPMI

@@ -1,16 +1,15 @@
 #
-# Shorewall - IPMI Macro
+# Shorewall -- /usr/share/shorewall/macro.IPMI
 #
-# /usr/share/shorewall/macro.IPMI
-#
-#	This macro handles IPMI console redirection with Asus (AMI),
-#	Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
-#	Use this macro to open access to your IPMI interface from management
-#	workstations.
+# This macro handles IPMI console redirection with RMCP protocol.
+# Tested to work with with Asus (AMI),
+# Dell DRAC5+ (Avocent), and Supermicro (Aten or AMI).
+# Use this macro to open access to your IPMI interface from management
+# workstations.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	623		# RMCP
 PARAM	-	-	tcp	3668,3669	# Virtual Media, Secure (Dell)
 PARAM	-	-	tcp	5120,5123	# CD, floppy (Asus, Aten)

Shorewall/Macros/macro.IPP

@@ -1,11 +1,9 @@
 #
-# Shorewall - IPP Macro
+# Shorewall -- /usr/share/shorewall/macro.IPP
 #
-# /usr/share/shorewall/macro.IPP
-#
-#	This macro handles Internet Printing Protocol (IPP).
+# This macro handles Internet Printing Protocol (IPP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	631

Shorewall/Macros/macro.IPPbrd

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPP Broadcast Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPbrd
 #
-# /usr/share/shorewall/macro.IPPbrd
-#
-#	This macro handles Internet Printing Protocol (IPP) broadcasts.
-#       If you also need to handle TCP 631 connections in the opposite
-#       direction, use the IPPserver Macro
+# This macro handles Internet Printing Protocol (IPP) broadcasts.
+# If you also need to handle TCP 631 connections in the opposite
+# direction, use the IPPserver Macro
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	631

Shorewall/Macros/macro.IPPserver

@@ -1,29 +1,28 @@
 #
-# Shorewall - IPPserver Macro
+# Shorewall -- /usr/share/shorewall/macro.IPPserver
 #
-# /usr/share/shorewall/macro.IPPserver
+# This macro handles Internet Printing Protocol (IPP), indicating
+# that DEST is a printing server for SOURCE.  The macro allows
+# print queue broadcasts from the server to the client, and
+# printing connections from the client to the server.
 #
-#	This macro handles Internet Printing Protocol (IPP), indicating
-#	that DEST is a printing server for SOURCE.  The macro allows
-#	print queue broadcasts from the server to the client, and
-#	printing connections from the client to the server.
+# Example usage on a single-interface firewall which is a print client:
 #
-#	Example usage on a single-interface firewall which is a print
-#	client:
-#		IPPserver/ACCEPT $FW net
+#	IPPserver(ACCEPT)	$FW	net
 #
-#	Example for a two-interface firewall which acts as a print
-#	server for loc:
-#		IPPserver/ACCEPT loc $FW
+# Example for a two-interface firewall which acts as a print server for loc:
 #
-#	NOTE: If you want both to serve requests for local printers and
-#	listen to requests for remote printers (i.e. your CUPS server is
-#	also a client), you need to apply the rule twice, e.g.
-#		IPPserver/ACCEPT loc $FW
-#		IPPserver/ACCEPT $FW loc
+#	IPPserver(ACCEPT)	loc	$FW
+#
+# NOTE: If you want both to serve requests for local printers and listen to
+# requests for remote printers (i.e. your CUPS server is also a client),
+# you need to apply the rule twice, e.g.
+#
+#	IPPserver(ACCEPT)	loc	$FW
+#	IPPserver(ACCEPT)	$FW	loc
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631

Shorewall/Macros/macro.IPsec

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsec Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsec
 #
-# /usr/share/shorewall/macro.IPsec
-#
-#	This macro (bidirectional) handles IPsec traffic
+# This macro (bidirectional) handles IPsec traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecah

@@ -1,14 +1,12 @@
 #
-# Shorewall - IPsecah Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecah
 #
-# /usr/share/shorewall/macro.IPsecah
-#
-#	This macro (bidirectional) handles IPsec authentication (AH) traffic.
-#       This is insecure. You should use ESP with encryption for security.
+# This macro (bidirectional) handles IPsec authentication (AH) traffic.
+# This is insecure. You should use ESP with encryption for security.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE

Shorewall/Macros/macro.IPsecnat

@@ -1,13 +1,11 @@
 #
-# Shorewall - IPsecnat Macro
+# Shorewall -- /usr/share/shorewall/macro.IPsecnat
 #
-# /usr/share/shorewall/macro.IPsecnat
-#
-#	This macro (bidirectional) handles IPsec traffic and Nat-Traversal
+# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	500	# IKE
 PARAM	-	-	udp	4500	# NAT-T
 PARAM	-	-	50		# ESP

Shorewall/Macros/macro.IRC

@@ -1,13 +1,10 @@
 #
-# Shorewall IRC Macro
+# Shorewall -- /usr/share/shorewall/macro.IRC
 #
-# /usr/share/shorewall/macro.IRC
-#
-#	This macro handles IRC traffic (Internet Relay Chat).
+# This macro handles IRC traffic (Internet Relay Chat).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER  )
  PARAM	-	-	tcp	6667 { helper=irc }

Shorewall/Macros/macro.JAP

@@ -1,17 +1,14 @@
 #
-# Shorewall - JAP Macro
+# Shorewall -- /usr/share/shorewall/macro.JAP
 #
-# /usr/share/shorewall/macro.JAP
-#
-#	This macro handles JAP Anon Proxy traffic.  This macro is for
-#	administrators running a Mix server.  It is NOT for people trying
-#	to browse anonymously!
+# This macro handles JAP Anon Proxy Mix server traffic.
+# It is NOT for people trying to browse anonymously!
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	8080 # HTTP port
 PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
-HTTPS(PARAM)
-SSH(PARAM)
+HTTPS
+SSH

Shorewall/Macros/macro.Jabber

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabber Macro
+# Shorewall -- /usr/share/shorewall/macro.Jabber
 #
-# /usr/share/shorewall/macro.Jabber
-#
-#	This macro accepts Jabber traffic.
+# This macro handles Jabber traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5222

Shorewall/Macros/macro.JabberPlain

@@ -1,12 +1,9 @@
 #
-# Shorewall - JabberPlain Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberPlain
 #
-# /usr/share/shorewall/macro.JabberPlain
-#
-#	This macro accepts Jabber traffic (plaintext). This macro is
-#	deprecated - use of macro.Jabber instead is recommended.
+# This macro is deprecated - use of macro.Jabber instead is recommended.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 Jabber

Shorewall/Macros/macro.JabberSecure

@@ -1,13 +1,9 @@
 #
-# Shorewall - JabberSecure (SSL) Macro
+# Shorewall -- /usr/share/shorewall/macro.JabberSecure
 #
-# /usr/share/shorewall/macro.JabberSecure
-#
-#	This macro accepts Jabber traffic (SSL). Use of Jabber with SSL
-#	is deprecated, please configure Jabber with STARTTLS and use
-#	Jabber macro instead.
+# This macro handles deprecated Jabber (SSL) traffic. Use STARTTLS instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5223

Shorewall/Macros/macro.Jabberd

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jabberd (server intercommunication)
+# Shorewall -- /usr/share/shorewall/macro.Jabberd
 #
-# /usr/share/shorewall/macro.Jabberd
-#
-#	This macro accepts Jabberd intercommunication traffic
+# This macro handles Jabberd intercommunication traffic
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5269

Shorewall/Macros/macro.Jetdirect

@@ -1,11 +1,9 @@
 #
-# Shorewall - Jetdirect Macro
+# Shorewall -- /usr/share/shorewall/macro.Jetdirect
 #
-# /usr/share/shorewall/macro.Jetdirect
-#
-#	This macro handles HP Jetdirect printing.
+# This macro handles HP Jetdirect printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	9100

Shorewall/Macros/macro.Kerberos

@@ -1,12 +1,10 @@
 #
-# Shorewall - Kerberos Macro
+# Shorewall -- /usr/share/shorewall/macro.Kerberos
 #
-# /usr/share/shorewall/macro.Kerberos
-#
-#	This macro handles Kerberos traffic.
+# This macro handles Kerberos traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	88
 PARAM	-	-	udp	88

Shorewall/Macros/macro.L2TP

@@ -1,13 +1,11 @@
 #
-# Shorewall - L2TP Macro
+# Shorewall -- /usr/share/shorewall/macro.L2TP
 #
-# /usr/share/shorewall/macro.L2TP
-#
-#	This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic
-#	(RFC 2661)
+# This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic.
+# (RFC 2661)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP

Shorewall/Macros/macro.LDAP

@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAP Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAP
 #
-# /usr/share/shorewall/macro.LDAP
-#
-#	This macro handles plaintext LDAP traffic.  For encrypted LDAP
-#	traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
+# This macro handles plaintext LDAP traffic. For encrypted LDAP
+# traffic, see macro.LDAPS.  Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP.  Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	389

Shorewall/Macros/macro.LDAPS

@@ -1,16 +1,14 @@
 #
-# Shorewall - LDAPS Macro
+# Shorewall -- /usr/share/shorewall/macro.LDAPS
 #
-# /usr/share/shorewall/macro.LDAPS
-#
-#	This macro handles encrypted LDAP traffic.  For plaintext LDAP
-#	traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
-#	required by some directory services) if you want to do user
-#	authentication over LDAP.  Note that some LDAP implementations
-#	support initiating TLS connections via the plaintext LDAP port.
-#	Consult your LDAP server documentation for details.
+# This macro handles encrypted LDAP traffic.  For plaintext LDAP
+# traffic, see macro.LDAP.  Use of LDAPS is recommended (and is
+# required by some directory services) if you want to do user
+# authentication over LDAP.  Note that some LDAP implementations
+# support initiating TLS connections via the plaintext LDAP port.
+# Consult your LDAP server documentation for details.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	636

Shorewall/Macros/macro.MSA

@@ -0,0 +1,9 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.MSA
+#
+# This macro handles mail message submission agent (MSA) traffic.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	tcp	587

Shorewall/Macros/macro.MSNP

@@ -1,11 +1,9 @@
 #
-# Shorewall - MSNP Macro
+# Shorewall - /usr/share/shorewall/macro.MSNP
 #
-# /usr/share/shorewall/macro.MSNP
-#
-#	This macro handles MSNP (MicroSoft Notification Protocol)
+# This macro handles MSNP (MicroSoft Notification Protocol)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1863

Shorewall/Macros/macro.MSSQL

@@ -1,12 +1,10 @@
 #
-# Shorewall - MSSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MSSQL
 #
-# /usr/share/shorewall/macro.MSSQL
-#
-#	This macro handles MSSQL (Microsoft SQL Server)
+# This macro handles MSSQL (Microsoft SQL Server)
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	1433
 PARAM	-	-	udp	1434

Shorewall/Macros/macro.Mail

@@ -1,19 +1,17 @@
 #
-# Shorewall - Mail Macro
+# Shorewall -- /usr/share/shorewall/macro.Mail
 #
-# /usr/share/shorewall/macro.Mail
+# This macro handles SMTP (email secure and insecure) traffic.
+# It's the aggregate of macro.SMTP, macro.SMTPS, macro.MSA.
 #
-#	This macro handles SMTP (email secure and insecure) traffic.
-#	It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission.
-#
-#	Note: This macro handles traffic between an MUA (Email client)
-#	and an MTA (mail server) or between MTAs. It does not enable
-#	reading of email via POP3 or IMAP. For those you need to use
-#	the POP3 or IMAP macros.
+# Note: This macro handles traffic between an MUA (Email client)
+# and an MTA (mail server) or between MTAs. It does not enable
+# reading of email via POP3 or IMAP. For those you need to use
+# the POP3 or IMAP macros.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	tcp	25
-PARAM	-	-	tcp	465
-PARAM	-	-	tcp	587
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+SMTP
+SMTPS
+MSA

Shorewall/Macros/macro.MongoDB

@@ -1,11 +1,9 @@
 #
-# Shorewall - MongoDB Macro
+# Shorewall -- /usr/share/shorewall/macro.MongoDB
 #
-# /usr/share/shorewall/macro.MongoDB
-#
-#	This macro handles MongoDB Daemon/Router traffic.
+# This macro handles MongoDB Daemon/Router traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	27017

Shorewall/Macros/macro.Munin

@@ -1,11 +1,9 @@
 #
-# Shorewall - Munin Macro
+# Shorewall -- /usr/share/shorewall/macro.Munin
 #
-# /usr/share/shorewall/macro.Munin
-#
-#	This macro handles Munin networked resource monitoring traffic
+# This macro handles Munin networked resource monitoring traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	4949

Shorewall/Macros/macro.MySQL

@@ -1,11 +1,9 @@
 #
-# Shorewall - MySQL Macro
+# Shorewall -- /usr/share/shorewall/macro.MySQL
 #
-# /usr/share/shorewall/macro.MySQL
-#
-#	This macro handles connections to the MySQL server.
+# This macro handles connections to the MySQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3306

Shorewall/Macros/macro.NNTP

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTP
 #
-# /usr/share/shorewall/macro.NNTP
-#
-#	This macro handles plaintext NNTP traffic (Usenet).  For
-#	encrypted NNTP, see macro.NNTPS.
+# This macro handles plaintext NNTP traffic (Usenet).
+# For encrypted NNTP, see macro.NNTPS.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	119

Shorewall/Macros/macro.NNTPS

@@ -1,12 +1,10 @@
 #
-# Shorewall NNTPS Macro
+# Shorewall -- /usr/share/shorewall/macro.NNTPS
 #
-# /usr/share/shorewall/macro.NNTPS
-#
-#	This macro handles encrypted NNTP traffic (Usenet).  For
-#	plaintext NNTP, see macro.NNTP.
+# This macro handles encrypted NNTP traffic (Usenet).
+# For plaintext NNTP, see macro.NNTP.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	563

Shorewall/Macros/macro.NTP

@@ -1,12 +1,10 @@
 #
-# Shorewall - NTP Macro
+# Shorewall -- /usr/share/shorewall/macro.NTP
 #
-# /usr/share/shorewall/macro.NTP
-#
-#	This macro handles NTP traffic (ntpd).
-#	For broadcast NTP traffic, use NTPbrd Macro.
+# This macro handles NTP traffic.
+# For broadcast NTP traffic, use NTPbrd Macro.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	123

Shorewall/Macros/macro.NTPbi

@@ -1,12 +1,10 @@
 #
-# Shorewall - NTPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbi
 #
-# /usr/share/shorewall/macro.NTPbi
-#
-#        This macro handles  bi-directional NTP (for NTP peers)
+# This macro handles  bi-directional NTP (for NTP peers).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	udp	123
-PARAM	DEST	SOURCE	udp	123
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+NTP
+NTP	DEST	SOURCE

Shorewall/Macros/macro.NTPbrd

@@ -1,17 +1,14 @@
 #
-# Shorewall - NTPbrd Macro
+# Shorewall -- /usr/share/shorewall/macro.NTPbrd
 #
-# /usr/share/shorewall/macro.NTPbrd
+# This macro handles NTP traffic including replies to Broadcast NTP traffic.
 #
-#	This macro handles NTP traffic (ntpd) including replies to Broadcast
-#	NTP traffic.
-#
-#	It is recommended only to use this where the source host is trusted -
-#	otherwise it opens up a large hole in your firewall because
-#	Netfilter doesn't track connections for broadcast traffic.
+# It is recommended only to use this where the source host is trusted -
+# otherwise it opens up a large hole in your firewall because
+# Netfilter doesn't track connections for broadcast traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-		-		udp	123
-PARAM	-		-		udp	1024:	123
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+PARAM	-	-	udp	123
+PARAM	-	-	udp	1024:	123

Shorewall/Macros/macro.OSPF

@@ -1,11 +1,9 @@
 #
-# Shorewall - OSPF Macro
+# Shorewall -- /usr/share/shorewall/macro.OSPF
 #
-# /usr/share/shorewall/macro.OSPF
-#
-#	This macro handles OSPF multicast traffic
+# This macro handles OSPF multicast traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	89	# OSPF

Shorewall/Macros/macro.OpenVPN

@@ -1,11 +1,9 @@
 #
-# Shorewall - OpenVPN Macro
+# Shorewall -- /usr/share/shorewall/macro.OpenVPN
 #
-# /usr/share/shorewall/macro.OpenVPN Macro
-#
-#	This macro handles OpenVPN traffic.
+# This macro handles OpenVPN traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	1194

Shorewall/Macros/macro.PCA

@@ -1,12 +1,10 @@
 #
-# Shorewall - PCA Macro
+# Shorewall -- /usr/share/shorewall/macro.PCA
 #
-# /usr/share/shorewall/macro.PCA
-#
-#	This macro handles PCAnywere (tm)
+# This macro handles PCAnywere (tm) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631

Shorewall/Macros/macro.POP3

@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3 Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3
 #
-# /usr/share/shorewall/macro.POP3
-#
-#	This macro handles plaintext POP3 traffic.  For encrypted POP3,
-#	see macro.POP3S.
+# This macro handles plaintext POP3 traffic.
+# For encrypted POP3, see macro.POP3S.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	110

Shorewall/Macros/macro.POP3S

@@ -1,12 +1,10 @@
 #
-# Shorewall - POP3S Macro
+# Shorewall -- /usr/share/shorewall/macro.POP3S
 #
-# /usr/share/shorewall/macro.POP3S
-#
-#	This macro handles encrypted POP3 traffic.  For plaintext POP3,
-#	see macro.POP3.
+# This macro handles encrypted POP3 traffic.
+# For plaintext POP3, see macro.POP3.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	995	# Secure POP3

Shorewall/Macros/macro.PPtP

@@ -1,15 +1,12 @@
 #
-# Shorewall - PPTP Macro
+# Shorewall -- /usr/share/shorewall/macro.PPtP Macro
 #
-# /usr/share/shorewall/macro.PPtP Macro
-#
-#	This macro handles PPTP traffic.
+# This macro handles PPTP traffic. NOTE: PPTP protocol is insecure.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	47
-PARAM	DEST	SOURCE	47
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+GRE
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
  PARAM	-	-	tcp	1723 { helper=pptp }

Shorewall/Macros/macro.Ping

@@ -1,11 +1,9 @@
 #
-# Shorewall - Ping Macro
+# Shorewall -- /usr/share/shorewall/macro.Ping
 #
-# /usr/share/shorewall/macro.Ping
-#
-#	This macro handles 'ping' requests.
+# This macro handles ICMP 'ping' requests.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	icmp	8

Shorewall/Macros/macro.PostgreSQL

@@ -1,11 +1,9 @@
 #
-# Shorewall - PostgreSQL Macro
+# Shorewall -- /usr/share/shorewall/macro.PostgreSQL
 #
-# /usr/share/shorewall/macro.PostgreSQL
-#
-#	This macro handles connections to the PostgreSQL server.
+# This macro handles connections to the PostgreSQL server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	5432

Shorewall/Macros/macro.Printer

@@ -1,11 +1,9 @@
 #
-# Shorewall - Printer Macro
+# Shorewall -- /usr/share/shorewall/macro.Printer
 #
-# /usr/share/shorewall/macro.Printer
-#
-#	This macro handles Line Printer protocol printing.
+# This macro handles Line Printer protocol printing.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	515

Shorewall/Macros/macro.Puppet

@@ -1,12 +1,9 @@
 #
-# Shorewall - Puppet Macro
+# Shorewall -- /usr/share/shorewall/macro.Puppet
 #
-# /usr/share/shorewall/macro.Puppet
-#
-#	This macro handles client-to-server for the Puppet configuration
-#	management system.
+# This macro handles client-to-server for the Puppet configuration management.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	8140

Shorewall/Macros/macro.QUIC

@@ -1,11 +1,9 @@
 #
-# Shorewall - QUIC Macro
+# Shorewall -- /usr/share/shorewall/macro.QUIC
 #
-# /usr/share/shorewall/macro.QUIC
-#
-#	This macro handles QUIC (Quick UDP Internet Connections).
+# This macro handles QUIC (Quick UDP Internet Connections).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	80,443

Shorewall/Macros/macro.RDP

@@ -1,11 +1,9 @@
 #
-# Shorewall - RDP Macro
+# Shorewall -- /usr/share/shorewall/macro.RDP
 #
-# /usr/share/shorewall/macro.RDP
-#
-#	This macro handles Microsoft RDP (Remote Desktop) traffic.
+# This macro handles Microsoft RDP (Remote Desktop) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	3389

Shorewall/Macros/macro.RIPbi

@@ -1,12 +1,10 @@
 #
-# Shorewall - RIPbi Macro
+# Shorewall -- /usr/share/shorewall/macro.RIPbi
 #
-# /usr/share/shorewall/macro.RIPbi
-#
-#        This macro handles RIP (Routing Information Protocol) - bidirectional
+# This macro (bidirectional) handles Routing Information Protocol (RIP).
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	520
 PARAM	DEST	SOURCE	udp	520

Shorewall/Macros/macro.RNDC

@@ -1,11 +1,9 @@
 #
-# Shorewall - RNDC Macro
+# Shorewall -- /usr/share/shorewall/macro.RNDC
 #
-# /usr/share/shorewall/macro.RNDC
-#
-#	This macro handles RNDC (BIND remote management protocol) traffic.
+# This macro handles BIND remote management protocol (RNDC) traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	953

Shorewall/Macros/macro.Razor

@@ -1,11 +1,9 @@
 #
-# Shorewall - Razor Macro
+# Shorewall -- /usr/share/shorewall/macro.Razor
 #
-# /usr/share/shorewall/macro.Razor
-#
-#	This macro handles traffic for the Razor Antispam System
+# This macro handles traffic for the Razor Antispam System
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 ACCEPT	-	-	tcp	2703

Shorewall/Macros/macro.Rdate

@@ -1,15 +1,13 @@
 #
-# Shorewall - Rdate Macro
+# Shorewall -- /usr/share/shorewall/macro.Rdate
 #
-# /usr/share/shorewall/macro.Rdate
-#
-#	This macro handles remote time retrieval (rdate).
-#	Unless you are supporting extremely old hardware or software,
-#	you shouldn't be using this.  NTP is a superior alternative.
-#	And even if you need to use rfc 868 Time protocol you should
-#	use Time macro instead.
+# This macro handles remote time retrieval (rdate).
+# Unless you are supporting extremely old hardware or software,
+# you shouldn't be using this. NTP is a superior alternative.
+# And even if you need to use rfc 868 Time protocol you should
+# use Time macro instead.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	37

Shorewall/Macros/macro.Redis

@@ -1,11 +1,9 @@
 #
-# Shorewall - Redis Macro
+# Shorewall -- /usr/share/shorewall/macro.Redis
 #
-# /usr/share/shorewall/macro.Redis
-#
-#	This macro handles Redis traffic.
+# This macro handles Redis traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	6379

Shorewall/Macros/macro.Reject

@@ -1,19 +1,15 @@
 #
-# Shorewall - Reject Macro
+# Shorewall -- /usr/share/shorewall/macro.Reject
 #
-# /usr/share/shorewall/macro.Reject
+# This macro generates the same rules as the Reject default action
+# It is used in place of action.Reject when USE_ACTIONS=No.
 #
-#	This macro generates the same rules as the Reject default action
-#	It is used in place of action.Reject when USE_ACTIONS=No.
-#
-#	Example:
-#
-#		Reject	loc	fw
+# Example:
 #
+#	Reject	loc	fw
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 #
 # Don't log 'auth' REJECT
 #

Shorewall/Macros/macro.Rfc1918

@@ -1,14 +1,10 @@
 #
-# Shorewall - Macro Template
+# Shorewall -- /usr/share/shorewall/macro.Rfc1918
 #
-# /usr/share/shorewall/macro.Rfc1918
+# This macro handles SOURCE or ORIGDEST address reserved by RFC 1918.
 #
-#	This macro handles pkts with a SOURCE or ORIGINAL DEST address
-#	reserved by RFC 1918
-#
-#############################################################################################
-#ACTION		SOURCE		DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#						PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM		SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
-				DEST
-PARAM		SOURCE		DEST	-	-	-	10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+###############################################################################
+#ACTION	SOURCE	DEST
+
+PARAM	SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16	DEST
+PARAM	SOURCE	DEST { origdest=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 }

Shorewall/Macros/macro.Rsync

@@ -1,11 +1,9 @@
 #
-# Shorewall - Rsync Macro
+# Shorewall -- /usr/share/shorewall/macro.Rsync
 #
-# /usr/share/shorewall/macro.Rsync
-#
-#	This macro handles connections to the rsync server.
+# This macro handles connections to the rsync server.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	tcp	873

Shorewall/Macros/macro.SANE

@@ -1,13 +1,10 @@
 #
-# Shorewall - SANE Macro
+# Shorewall -- /usr/share/shorewall/macro.SANE
 #
-# /usr/share/shorewall/macro.SANE
-#
-#	This macro handles SANE network scanning.
+# This macro handles SANE network scanning.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
  PARAM	-	-	tcp	6566 { helper=sane }
@@ -17,7 +14,8 @@
 
 #
 # Kernels 2.6.23+ has nf_conntrack_sane module which will handle
-# sane data connection.
+# sane data connection. If you need these, copy this file to /etc/shorewall
+# and remove comments from one of the entries below.
 #
 # If you don't have sane conntracking support you need to open whole dynamic
 # port range.

Shorewall/Macros/macro.SIP

@@ -1,13 +1,10 @@
 #
-# Shorewall - SIP Macro
+# Shorewall -- /usr/share/shorewall/macro.SIP
 #
-# /usr/share/shorewall/macro.SIP
-#
-#	This macro handles SIP traffic.
+# This macro handles SIP traffic.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER  )
  PARAM	-	-	udp	5060 { helper=sip }

Shorewall/Macros/macro.SMB

@@ -1,17 +1,15 @@
 #
-# Shorewall - SMB Macro
+# Shorewall -- /usr/share/shorewall/macro.SMB
 #
-# /usr/share/shorewall/macro.SMB
-#
-#	This macro handles Microsoft SMB traffic. You need to invoke
-#	this macro in both directions.  Beware!  This rule opens a lot
-#	of ports, and could possibly be used to compromise your firewall
-#	if not used with care.  You should only allow SMB traffic
-#	between hosts you fully trust.
+# This macro handles Microsoft SMB traffic.
+# You need to invoke this macro in both directions.
+# Beware!  This rule opens a lot of ports, and could possibly be used to
+# compromise your firewall if not used with care. You should only allow SMB
+# traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
 PARAM	-	-	udp	135,445
 
 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )

Shorewall/Macros/macro.SMBBI

@@ -1,36 +1,14 @@
 #
-# Shorewall - SMB Bi-directional Macro
+# Shorewall -- /usr/share/shorewall/macro.SMBBI
 #
-# /usr/share/shorewall/macro.SMBBI
+# This macro (bidirectional) handles Microsoft SMB traffic.
 #
-#	This macro (bidirectional) handles Microsoft SMB traffic.
-#
-#	Beware!  This macro opens a lot of ports, and could possibly be used
-#	to compromise your firewall if not used with care.  You should only
-#	allow SMB traffic between hosts you fully trust.
+# Beware! This macro opens a lot of ports, and could possibly be used
+# to compromise your firewall if not used with care. You should only
+# allow SMB traffic between hosts you fully trust.
 #
 ###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	ORIGIN	RATE	USER/
-#				PORT(S)	PORT(S)	DEST	LIMIT	GROUP
-PARAM	-	-	udp	135,445
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
 
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
- PARAM	-	-	udp	137 { helper=netbios-ns }
- PARAM	-	-	udp	138:139
-?else
- PARAM	-	-	udp	137:139
-?endif
-
-PARAM	-	-	udp	1024:	137
-PARAM	-	-	tcp	135,139,445
-PARAM	DEST	SOURCE	udp	135,445
-
-?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
- PARAM	DEST	SOURCE	udp	137 { helper=netbios-ns }
- PARAM	DEST	SOURCE	udp	138:139
-?else
- PARAM	DEST	SOURCE	udp	137:139
-?endif
-
-PARAM	DEST	SOURCE	udp	1024:	137
-PARAM	DEST	SOURCE	tcp	135,139,445
+SMB
+SMB	DEST	SOURCE