authorJo-Philipp Wich <jo@mein.io>2018-03-13 15:54:49 +0100
committerJo-Philipp Wich <jo@mein.io>2018-03-13 16:06:17 +0100
commitd5923f1924e5ea4374c683500cbc4e6e24bf4a96 (patch)
tree9fae8e2c763e54808fb11cc97bcdb11ded436cfd
parentc1a295a500f0d113bacc5455af6444eb18cb482f (diff)
downloadfirewall3-d5923f1924e5ea4374c683500cbc4e6e24bf4a96.tar.gz
Reword rule comments
Reword various rule comments to be more explicit and also annotate the flow offloading rule while we're at it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--defaults.c7
-rw-r--r--forwards.c2
-rw-r--r--zones.c8
3 files changed, 9 insertions, 8 deletions
diff --git a/defaults.c b/defaults.c
index bf2b51f..81f439e 100644
--- a/defaults.c
+++ b/defaults.c
@@ -224,7 +224,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
for (i = 0; i < ARRAY_SIZE(chains); i += 2)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);
fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
fw3_ipt_rule_append(r, chains[i]);
}
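Review bot: The reworded string in `fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);` presumably ends up as the comment on the installed rule, so this is a change visible outside the source, which the commit description does not say. Anything that identifies these jump rules by the old `user chain for ...` text (audit scripts, ruleset diffs, monitoring) would stop matching. The same applies to the prerouting/postrouting comments in the last hunk of this file and to the hunks in forwards.c and zones.c. I would add a line to the description such as `Note: the comment text of generated rules changes.` The loop belongs to fw3_print_default_head_rules, which starts and ends outside the hunk.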
@@ -233,6 +233,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
if (defs->flow_offloading)
{
r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "Traffic offloading");
fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
fw3_ipt_rule_target(r, "FLOWOFFLOAD");
fw3_ipt_rule_append(r, "FORWARD");
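Review bot: The added comment `"Traffic offloading"` does not say which traffic is handed to FLOWOFFLOAD, although the next line limits the rule to `--ctstate RELATED,ESTABLISHED`. For someone auditing the generated ruleset, that state restriction is the part worth seeing. Consider `fw3_ipt_rule_comment(r, "Traffic offloading (related/established)");` and a source comment above the block such as `/* offload only RELATED,ESTABLISHED flows; new connections do not match this rule */`. The `if (defs->flow_offloading)` block is closed outside the hunk.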
@@ -288,12 +289,12 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
if (defs->custom_chains)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for prerouting");
+ fw3_ipt_rule_comment(r, "Custom prerouting rule chain");
fw3_ipt_rule_target(r, "prerouting_rule");
fw3_ipt_rule_append(r, "PREROUTING");
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for postrouting");
+ fw3_ipt_rule_comment(r, "Custom postrouting rule chain");
fw3_ipt_rule_target(r, "postrouting_rule");
fw3_ipt_rule_append(r, "POSTROUTING");
}
diff --git a/forwards.c b/forwards.c
index b32b529..b554b60 100644
--- a/forwards.c
+++ b/forwards.c
@@ -183,7 +183,7 @@ print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
}
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d);
+ fw3_ipt_rule_comment(r, "Zone %s to %s forwarding policy", s, d);
set_target(r, forward);
append_chain(r, forward);
}
diff --git a/zones.c b/zones.c
index 9161983..e00d527 100644
--- a/zones.c
+++ b/zones.c
@@ -381,7 +381,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
for (i = 0; i < sizeof(flt_chains)/sizeof(flt_chains[0]); i += 2)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", flt_chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, flt_chains[i+1]);
fw3_ipt_rule_target(r, "%s_%s_rule", flt_chains[i+1], zone->name);
fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, flt_chains[i]);
}
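Review bot: The new comment puts the zone name before the chain type (`"Custom %s %s rule chain", zone->name, flt_chains[i+1]`), while the target on the next line is built in the opposite order (`"%s_%s_rule", flt_chains[i+1], zone->name`). In a ruleset listing the comment and the chain it jumps to will therefore not read alike. Swapping the arguments, `fw3_ipt_rule_comment(r, "Custom %s %s rule chain", flt_chains[i+1], zone->name);`, would let a reader match the comment to the target name directly. The nat_chains hunk that follows has the same ordering. The loop is inside print_zone_chain, which starts and ends outside the hunk.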
@@ -391,7 +391,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
for (i = 0; i < sizeof(nat_chains)/sizeof(nat_chains[0]); i += 2)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", nat_chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, nat_chains[i+1]);
fw3_ipt_rule_target(r, "%s_%s_rule", nat_chains[i+1], zone->name);
fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, nat_chains[i]);
}
@@ -509,7 +509,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
fw3_ipt_rule_addarg(r, false, "SYN", NULL);
fw3_ipt_rule_limit(r, &zone->log_limit);
- fw3_ipt_rule_comment(r, "%s (mtu_fix logging)", zone->name);
+ fw3_ipt_rule_comment(r, "Zone %s MTU fix logging", zone->name);
fw3_ipt_rule_target(r, "LOG");
fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
fw3_ipt_rule_replace(r, "FORWARD");
@@ -518,7 +518,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL, sub);
fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
fw3_ipt_rule_addarg(r, false, "SYN", NULL);
- fw3_ipt_rule_comment(r, "%s (mtu_fix)", zone->name);
+ fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
fw3_ipt_rule_target(r, "TCPMSS");
fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
fw3_ipt_rule_replace(r, "FORWARD");