2008-12-09 17:50:17 +01:00
|
|
|
#
|
2008-12-09 21:15:57 +01:00
|
|
|
# Shorewall6 version 4 - Actions.std File
|
2008-12-09 17:50:17 +01:00
|
|
|
#
|
2008-12-09 21:15:57 +01:00
|
|
|
# /usr/share/shorewall6/actions.std
|
2008-12-09 17:50:17 +01:00
|
|
|
#
|
|
|
|
# Please see http://shorewall.net/Actions.html for additional
|
|
|
|
# information.
|
|
|
|
#
|
|
|
|
# Builtin Actions are:
|
|
|
|
#
|
2012-04-24 23:52:57 +02:00
|
|
|
# allowBcasts # Accept multicast and anycast packets
|
2008-12-13 19:22:42 +01:00
|
|
|
# dropBcasts # Silently Drop multicast and anycast packets
|
2008-12-09 17:50:17 +01:00
|
|
|
# dropNotSyn # Silently Drop Non-syn TCP packets
|
|
|
|
# rejNotSyn # Silently Reject Non-syn TCP packets
|
|
|
|
# dropInvalid # Silently Drop packets that are in the INVALID
|
|
|
|
# # conntrack state.
|
|
|
|
# allowInvalid # Accept packets that are in the INVALID
|
|
|
|
# # conntrack state.
|
|
|
|
#
|
|
|
|
###############################################################################
|
|
|
|
#ACTION
|
2012-12-04 19:54:32 +01:00
|
|
|
A_Drop # Audited Default Action for DROP policy
|
|
|
|
A_Reject # Audited Default Action for REJECT policy
|
|
|
|
A_AllowICMPs # Audited Accept needed ICMP6 types
|
|
|
|
AllowICMPs # Accept needed ICMP6 types
|
2013-01-28 00:40:53 +01:00
|
|
|
Broadcast noinline # Handles Broadcast/Multicast/Anycast
|
2012-12-04 19:54:32 +01:00
|
|
|
Drop # Default Action for DROP policy
|
2013-01-28 00:40:53 +01:00
|
|
|
DropSmurfs noinline # Handles packets with a broadcast source address
|
2013-01-28 21:07:04 +01:00
|
|
|
Established noinline # Handles packets in the ESTABLISHED state
|
2013-01-28 00:40:53 +01:00
|
|
|
Invalid noinline # Handles packets in the INVALID conntrack state
|
|
|
|
NotSyn noinline # Handles TCP packets that do not have SYN=1 and ACK=0
|
2012-12-04 19:54:32 +01:00
|
|
|
Reject # Default Action for REJECT policy
|
2013-01-28 00:40:53 +01:00
|
|
|
Related noinline # Handles packets in the RELATED conntrack state
|
|
|
|
RST noinline # Handle packets with RST set
|
|
|
|
TCPFlags noinline # Handles bad flags combinations
|
|
|
|
Untracked noinline # Handles packets in the UNTRACKED conntrack state
|