X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/775bd287d2eda80ffde35b067429c93223c41bbf..38e85ca3b58ddcf50c7db608f5baa2fd19771f8a:/base.m4
diff --git a/base.m4 b/base.m4
index 7aa28b3..659cdbf 100644
--- a/base.m4
+++ b/base.m4
@@ -1,5 +1,5 @@
 m4_divert(-1)
-### -*-sh-*-
+### -*-m4-*-
 ###
 ### Failsafe prologue for firewall scripts
 ###
@@ -29,23 +29,29 @@ m4_changecom(<:##:>)
 ### Overall structure.
 ###
 ### 0 File header: shebang, do-not-edit warning. [base]
-### 5 Configuration. [config]
+### 4 Configuration. [config]
+### 6 Local settings. [local]
 ### 10 Prologue: command-line parsing and failsafe. [prologue]
 ### 20 Function definitions. [functions]
-### 25 Port numbers etc. [numbers]
+### 24 Port numbers etc. [numbers]
+### 26 Networks, hosts and interfaces. [local]
 ### 30 Initialization. [bookends]
 ### 30 Clear existing rules. [bookends]
 ### 32 Set safe IP options. [bookends]
 ### 34 Error chains. [bookends]
-### 36 Give loopback traffic a free pass. [bookends]
+### 38 Utility chains. [functions]
 ### 40 Address classification. [classify]
 ### 42 Definition of address class policies. [local]
 ### 44 Definition of interfaces and addresses. [local]
 ### 46 Handling of default interface. [classify]
-### 50 ICMP filtering. [icmp]
-### 52 Local configuration. [local]
-### 58 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp]
-### 60 Local configuration. [local]
+### 50 Packet filter. [bookends]
+### 60 ICMP filtering. [icmp]
+### 62 Local configuration. [local]
+### 68 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp]
+### 80 Local configuration. [local]
+### 84 Locally bound packet inspection. [local]
+### 86 Per-host configuration. [HOST]
+### 88 Final filtering. [local]
 ### 90 Finishing touches. [bookends]
 ### 94 Set final policies. [bookends]
 ### 99 File footer: do-not-edit warning. [base]
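Review bot: The structure table no longer says where loopback traffic is accepted: the entry `36 Give loopback traffic a free pass` is removed in the second hunk and no new entry mentions loopback. Where that rule sits relative to `40 Address classification` decides whether loopback packets pass through classification, so the table should name the diversion that now carries it, for example by extending the line `### 50 Packet filter. [bookends]` if that is where it went. The rules themselves are not part of this diff, so this is a documentation request only.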
@@ -55,10 +61,24 @@ m4_changecom(<:##:>) m4_divert(0)m4_dnl #! /bin/sh +<:###:> Firewall script for FWHOST +### ### *** GENERATED FILE: DO NOT EDIT *** +### BEGIN INIT INFO +# Provides: firewall +# Required-Start: $local_fs +# Required-Stop: +# X-Start-Before: ifupdown +# X-Stop-After: ifupdown +# Default-Start: S +# Default-Stop: 0 6 +# Description: Provides customized packet filter rules. +### END INIT INFO + set -e PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH +fwhost=FWHOST m4_divert(99)m4_dnl ### *** GENERATED FILE: DO NOT EDIT *** @@ -90,6 +110,6 @@ m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) ## setconf(CONF, VALUE) ## ## Set config variable VALUE. -m4_define(<:setconf:> <:m4_define(<:conf_$1:>, <:$2:>):>) +m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) ###----- That's all, folks --------------------------------------------------
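Review bot: The added `fwhost=FWHOST` line and the `Firewall script for FWHOST` header depend on FWHOST being defined when m4 runs, and nothing in this hunk checks that. If it is undefined, the literal word FWHOST is written into the generated script and `$fwhost` matches no real host, so any per-host rules keyed on it would presumably be skipped without an error. A guard before `m4_divert(0)` would fail the build instead, e.g. `m4_ifdef(<:FWHOST:>, <::>, <:m4_errprint(<:base.m4: FWHOST is not defined:>)m4_m4exit(1):>)`. FWHOST may already be validated in a file outside this diff, so confirm that before adding the guard.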
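Review bot: The comment above `setconf` still reads `## Set config variable VALUE.`, which names the wrong argument and omits an ordering constraint that matters now that the macro is actually defined. The `defconf` line visible in the hunk header tests `conf_$1` with `m4_ifdef` at the moment it is expanded, so a `setconf` that m4 processes after the matching `defconf` is silently ignored and the built-in default stays in the script. I would reword the comment to something like `## Set config variable CONF to VALUE; must be expanded before the matching defconf.` Whether the input files are always read in that order is not visible from this diff.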