From: Jo-Philipp Wich Date: Tue, 13 Mar 2018 14:54:49 +0000 (+0100) Subject: Reword rule comments X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d5923f1924e5ea4374c683500cbc4e6e24bf4a96;p=oweals%2Ffirewall3.git Reword rule comments Reword various rule comments to be more explicit and also annotate the flow offloading rule while we're at it. Signed-off-by: Jo-Philipp Wich
---
diff --git a/defaults.c b/defaults.c
index bf2b51f..81f439e 100644
--- a/defaults.c
+++ b/defaults.c
@@ -224,7 +224,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 for (i = 0; i < ARRAY_SIZE(chains); i += 2)
 {
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);
 fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
 fw3_ipt_rule_append(r, chains[i]);
 }
@@ -233,6 +233,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 if (defs->flow_offloading)
 {
 r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "Traffic offloading");
 fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
 fw3_ipt_rule_target(r, "FLOWOFFLOAD");
 fw3_ipt_rule_append(r, "FORWARD");
@@ -288,12 +289,12 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
 if (defs->custom_chains)
 {
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for prerouting");
+ fw3_ipt_rule_comment(r, "Custom prerouting rule chain");
 fw3_ipt_rule_target(r, "prerouting_rule");
 fw3_ipt_rule_append(r, "PREROUTING");
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for postrouting");
+ fw3_ipt_rule_comment(r, "Custom postrouting rule chain");
 fw3_ipt_rule_target(r, "postrouting_rule");
 fw3_ipt_rule_append(r, "POSTROUTING");
 }
diff --git a/forwards.c b/forwards.c
index b32b529..b554b60 100644
--- a/forwards.c
+++ b/forwards.c
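Review bot: The comment added to the FLOWOFFLOAD rule in defaults.c (hunk at -233, inside the `defs->flow_offloading` block) says only "Traffic offloading", which does not tell someone auditing the ruleset what the rule matches or why its position matters. The visible rule matches `--ctstate RELATED,ESTABLISHED` and is appended to FORWARD among the head rules; if, as flow offloading normally works, packets of an offloaded connection then skip the rest of the FORWARD path, later filtering and logging rules will not see them. I would make that readable in the ruleset, e.g. `fw3_ipt_rule_comment(r, "Traffic offloading for established forwarded flows");`, and add a source comment above the block such as `/* offloaded flows are presumably not re-evaluated by later FORWARD rules; keep this placement deliberate */`. The enclosing function starts and ends outside the hunk.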
@@ -183,7 +183,7 @@ print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
 }
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d);
+ fw3_ipt_rule_comment(r, "Zone %s to %s forwarding policy", s, d);
 set_target(r, forward);
 append_chain(r, forward);
 }
diff --git a/zones.c b/zones.c
index 9161983..e00d527 100644
--- a/zones.c
+++ b/zones.c
@@ -381,7 +381,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
 for (i = 0; i < sizeof(flt_chains)/sizeof(flt_chains[0]); i += 2)
 {
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", flt_chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, flt_chains[i+1]);
 fw3_ipt_rule_target(r, "%s_%s_rule", flt_chains[i+1], zone->name);
 fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, flt_chains[i]);
 }
@@ -391,7 +391,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
 for (i = 0; i < sizeof(nat_chains)/sizeof(nat_chains[0]); i += 2)
 {
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", nat_chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, nat_chains[i+1]);
 fw3_ipt_rule_target(r, "%s_%s_rule", nat_chains[i+1], zone->name);
 fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, nat_chains[i]);
 }
@@ -509,7 +509,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
 fw3_ipt_rule_addarg(r, false, "SYN", NULL);
 fw3_ipt_rule_limit(r, &zone->log_limit);
- fw3_ipt_rule_comment(r, "%s (mtu_fix logging)", zone->name);
+ fw3_ipt_rule_comment(r, "Zone %s MTU fix logging", zone->name);
 fw3_ipt_rule_target(r, "LOG");
 fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
 fw3_ipt_rule_replace(r, "FORWARD");
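Review bot: In zones.c (hunk at -381, and the same change at -391) the rule comment now interpolates `zone->name`, so its length depends on a value that presumably comes from configuration. The netfilter comment match has a fixed maximum length (256 bytes in xt_comment), and neither the body of `fw3_ipt_rule_comment()` nor a length check on the zone name is visible here. It is worth confirming that an over-long name is truncated or rejected earlier rather than leaving a rule that fails to load. Once verified, a short source comment would record the assumption, e.g. `/* zone->name is length-checked at parse time, so the comment stays within the xt comment limit */`. Both loops sit in print_zone_chain, whose body extends outside the hunks.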
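Review bot: The reworded comments in print_interface_rule (hunk at -509, and again at -518) drop the literal `mtu_fix` token that the old text carried, which appears to be the name of the configuration option that enables these rules. Someone reading `iptables -S` output during an audit or an incident can then no longer search from the LOG or TCPMSS rule back to the option that produced it. Keeping the token costs little, e.g. `fw3_ipt_rule_comment(r, "Zone %s MTU fixing (mtu_fix)", zone->name);`, and likewise for the logging rule. The enclosing function starts and ends outside both hunks.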
@@ -518,7 +518,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL, sub);
 fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
 fw3_ipt_rule_addarg(r, false, "SYN", NULL);
- fw3_ipt_rule_comment(r, "%s (mtu_fix)", zone->name);
+ fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
 fw3_ipt_rule_target(r, "TCPMSS");
 fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
 fw3_ipt_rule_replace(r, "FORWARD");