Reword rule comments

Reword various rule comments to be more explicit and also annotate the flow
offloading rule while we're at it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/defaults.c b/defaults.c
index bf2b51f..81f439e 100644 (file)
--- a/defaults.c
+++ b/defaults.c
@@ -224,7 +224,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
                        for (i = 0; i < ARRAY_SIZE(chains); i += 2)
                        {
                                r = fw3_ipt_rule_new(handle);
-                               fw3_ipt_rule_comment(r, "user chain for %s", chains[i+1]);
+                               fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);
                                fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
                                fw3_ipt_rule_append(r, chains[i]);
                        }
@@ -233,6 +233,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
                if (defs->flow_offloading)
                {
                        r = fw3_ipt_rule_new(handle);
+                       fw3_ipt_rule_comment(r, "Traffic offloading");
                        fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
                        fw3_ipt_rule_target(r, "FLOWOFFLOAD");
                        fw3_ipt_rule_append(r, "FORWARD");
@@ -288,12 +289,12 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
                if (defs->custom_chains)
                {
                        r = fw3_ipt_rule_new(handle);
-                       fw3_ipt_rule_comment(r, "user chain for prerouting");
+                       fw3_ipt_rule_comment(r, "Custom prerouting rule chain");
                        fw3_ipt_rule_target(r, "prerouting_rule");
                        fw3_ipt_rule_append(r, "PREROUTING");
 
                        r = fw3_ipt_rule_new(handle);
-                       fw3_ipt_rule_comment(r, "user chain for postrouting");
+                       fw3_ipt_rule_comment(r, "Custom postrouting rule chain");
                        fw3_ipt_rule_target(r, "postrouting_rule");
                        fw3_ipt_rule_append(r, "POSTROUTING");
                }

diff --git a/forwards.c b/forwards.c
index b32b529..b554b60 100644 (file)
--- a/forwards.c
+++ b/forwards.c
@@ -183,7 +183,7 @@ print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
        }
 
        r = fw3_ipt_rule_new(handle);
-       fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d);
+       fw3_ipt_rule_comment(r, "Zone %s to %s forwarding policy", s, d);
        set_target(r, forward);
        append_chain(r, forward);
 }

diff --git a/zones.c b/zones.c
index 9161983..e00d527 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -381,7 +381,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
                        for (i = 0; i < sizeof(flt_chains)/sizeof(flt_chains[0]); i += 2)
                        {
                                r = fw3_ipt_rule_new(handle);
-                               fw3_ipt_rule_comment(r, "user chain for %s", flt_chains[i+1]);
+                               fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, flt_chains[i+1]);
                                fw3_ipt_rule_target(r, "%s_%s_rule", flt_chains[i+1], zone->name);
                                fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, flt_chains[i]);
                        }
@@ -391,7 +391,7 @@ print_zone_chain(struct fw3_ipt_handle *handle, struct fw3_state *state,
                        for (i = 0; i < sizeof(nat_chains)/sizeof(nat_chains[0]); i += 2)
                        {
                                r = fw3_ipt_rule_new(handle);
-                               fw3_ipt_rule_comment(r, "user chain for %s", nat_chains[i+1]);
+                               fw3_ipt_rule_comment(r, "Custom %s %s rule chain", zone->name, nat_chains[i+1]);
                                fw3_ipt_rule_target(r, "%s_%s_rule", nat_chains[i+1], zone->name);
                                fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, nat_chains[i]);
                        }
@@ -509,7 +509,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
                                fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
                                fw3_ipt_rule_addarg(r, false, "SYN", NULL);
                                fw3_ipt_rule_limit(r, &zone->log_limit);
-                               fw3_ipt_rule_comment(r, "%s (mtu_fix logging)", zone->name);
+                               fw3_ipt_rule_comment(r, "Zone %s MTU fix logging", zone->name);
                                fw3_ipt_rule_target(r, "LOG");
                                fw3_ipt_rule_addarg(r, false, "--log-prefix", buf);
                                fw3_ipt_rule_replace(r, "FORWARD");
@@ -518,7 +518,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
                        r = fw3_ipt_rule_create(handle, &tcp, NULL, dev, NULL, sub);
                        fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
                        fw3_ipt_rule_addarg(r, false, "SYN", NULL);
-                       fw3_ipt_rule_comment(r, "%s (mtu_fix)", zone->name);
+                       fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
                        fw3_ipt_rule_target(r, "TCPMSS");
                        fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
                        fw3_ipt_rule_replace(r, "FORWARD");