2011-10-03 03:41:58 +02:00
|
|
|
#
|
2015-07-28 19:59:11 +02:00
|
|
|
# Shorewall version 5 - Drop TCPFlags Action
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
2012-11-01 15:20:50 +01:00
|
|
|
# /usr/share/shorewall/action.TCPFlags
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
2011-10-05 18:32:26 +02:00
|
|
|
# Accepts a single optional parameter:
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
|
|
|
# - = Do not Audit
|
2011-10-05 18:32:26 +02:00
|
|
|
# audit = Audit dropped packets.
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
|
2016-03-13 00:09:31 +01:00
|
|
|
DEFAULTS -
|
|
|
|
|
2016-03-13 02:01:52 +01:00
|
|
|
?if @1 ne '' && @1 ne '-'
|
|
|
|
?if @1 eq 'audit'
|
|
|
|
?set tcpflags_action A_DROP
|
|
|
|
?else
|
|
|
|
?error The parameter to TCPFlags must be 'audit' or '-'
|
|
|
|
?endif
|
|
|
|
?else
|
|
|
|
?set tcpflags_action DROP
|
|
|
|
?endif
|
|
|
|
|
|
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags ALL FIN,URG,PSH
|
|
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags ALL NONE
|
|
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags SYN,RST SYN,RST
|
|
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags SYN,FIN SYN,FIN
|
|
|
|
$tcpflags_action - - ;;+ -p tcp --syn --sport 0
|
2016-03-13 00:09:31 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
2011-10-03 03:41:58 +02:00
|
|
|
|
|
|
|
|