shorewall_code/Shorewall/actions.std

48 lines
2.3 KiB
Plaintext
Raw Normal View History

#
# Shorewall version 4 - Actions.std File
#
# /usr/share/shorewall/actions.std
#
# Please see http://shorewall.net/Actions.html for additional
# information.
#
# Builtin Actions are:
#
# A_ACCEPT # Audits then accepts a connection request
# A_DROP # Audits then drops a connection request
# A_REJECT # Audits then drops a connection request
# allowBcast # Silently Allow Broadcast/multicast
# dropBcast # Silently Drop Broadcast/multicast
# dropNotSyn # Silently Drop Non-syn TCP packets
# rejNotSyn # Silently Reject Non-syn TCP packets
# dropInvalid # Silently Drop packets that are in the INVALID
# # conntrack state.
# allowInvalid # Accept packets that are in the INVALID
# # conntrack state.
# allowoutUPnP # Allow traffic from local command 'upnpd' (does not
# # work with kernel 2.6.14 and later).
# allowinUPnP # Allow UPnP inbound (to firewall) traffic
# forwardUPnP # Allow traffic that upnpd has redirected from
# # 'upnp' interfaces.
# drop1918src # Drop packets with an RFC 1918 source address
# drop1918dst # Drop packets with an RFC 1918 original dest address
# rej1918src # Reject packets with an RFC 1918 source address
# rej1918dst # Reject packets with an RFC 1918 original dest address
# Limit # Limit the rate of connections from each individual
# # IP address
#
###############################################################################
#ACTION
A_Drop # Audited Default Action for DROP policy
A_Reject # Audited Default action for REJECT policy
Broadcast noinline # Handles Broadcast/Multicast/Anycast
Drop # Default Action for DROP policy
DropSmurfs noinline # Drop smurf packets
Invalid noinline # Handles packets in the INVALID conntrack state
NotSyn noinline # Handles TCP packets which do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy
Related noinline # Handles packets in the RELATED conntrack state
RST noinline # Handle packets with RST set
TCPFlags noinline # Handle bad flag combinations.
Untracked noinline # Handles packets in the UNTRACKED conntrack state