shorewall_code/Shorewall6/actions.std

#
# Shorewall6 version 5 - Actions.std File
#
# /usr/share/shorewall6/actions.std
#
#	Please see http://shorewall.net/Actions.html for additional
#	information.
#
# Builtin Actions are:
#
?if 0
allowBcasts                     # Accept anycast packets
allowMcasts                     # Accept multicast packets
dropBcasts                      # Silently Drop anycast packets
dropMcasts                      # Silently Drop multicast packets
dropNotSyn		        # Silently Drop Non-syn TCP packets
rejNotSyn		        # Silently Reject Non-syn TCP packets
?endif
###############################################################################
#ACTION
A_Drop	                        # Audited Default Action for DROP policy
A_Reject	                # Audited Default Action for REJECT policy
A_AllowICMPs	                # Audited Accept needed ICMP6 types
AllowICMPs   	                # Accept needed ICMP6 types
allowInvalid inline		# Accepts packets in the INVALID conntrack state
AutoBL       noinline           # Auto-blacklist IPs that exceed thesholds
AutoBLL      noinline           # Helper for AutoBL
Broadcast    noinline      	# Handles Broadcast/Anycast
Drop		        	# Default Action for DROP policy (deprecated)
dropInvalid  inline		# Drops packets in the INVALID conntrack state
DropDNSrep   inline		# Drops DNS replies
DropSmurfs   noinline     	# Handles packets with a broadcast source address
Established  inline,\		# Handles packets in the ESTABLISHED state
	     state=ESTABLISHED
IfEvent      noinline           # Perform an action based on an event
Invalid      inline,audit,\     # Handles packets in the INVALID conntrack state
             state=INVALID
Multicast    noinline      	# Handles Multicast
New	     inline,state=NEW	# Handles packets in the NEW conntrack state
NotSyn	     inline 		# Handles TCP packets that do not have SYN=1 and ACK=0
Reject		        	# Default Action for REJECT policy (deprecated)
Related      inline,\		# Handles packets in the RELATED conntrack state
             state=RELATED
ResetEvent   inline		# Reset an Event
RST	     inline             # Handle packets with RST set
SetEvent     inline		# Initialize an event
TCPFlags    			# Handles bad flags combinations
Untracked    inline,\           # Handles packets in the UNTRACKED conntrack state
	     state=UNTRACKED
Create Shorewall6 and Shorewall6-lite git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8957 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2008-12-09 17:50:17 +01:00			`#`
More version changes Signed-off-by: Tom Eastep <teastep@shorewall.net> 2015-07-28 19:59:11 +02:00			`# Shorewall6 version 5 - Actions.std File`
Create Shorewall6 and Shorewall6-lite git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8957 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2008-12-09 17:50:17 +01:00			`#`
Second set of IPv6 Changes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8959 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2008-12-09 21:15:57 +01:00			`# /usr/share/shorewall6/actions.std`
Create Shorewall6 and Shorewall6-lite git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8957 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2008-12-09 17:50:17 +01:00			`#`
			`# Please see http://shorewall.net/Actions.html for additional`
			`# information.`
			`#`
			`# Builtin Actions are:`
			`#`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`?if 0`
Handle broadcast and muticast separately Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-15 19:16:20 +01:00			`allowBcasts # Accept anycast packets`
			`allowMcasts # Accept multicast packets`
			`dropBcasts # Silently Drop anycast packets`
			`dropMcasts # Silently Drop multicast packets`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`dropNotSyn # Silently Drop Non-syn TCP packets`
			`rejNotSyn # Silently Reject Non-syn TCP packets`
			`?endif`
Create Shorewall6 and Shorewall6-lite git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8957 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2008-12-09 17:50:17 +01:00			`###############################################################################`
			`#ACTION`
Add additional space for the OPTIONS column - actions and actions.std problem Signed-off-by: Tom Eastep <teastep@shorewall.net> 2012-12-04 19:54:32 +01:00			`A_Drop # Audited Default Action for DROP policy`
			`A_Reject # Audited Default Action for REJECT policy`
			`A_AllowICMPs # Audited Accept needed ICMP6 types`
			`AllowICMPs # Accept needed ICMP6 types`
Convert dropInvalid and allowInvalid to inline actions. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-02-07 20:21:13 +01:00			`allowInvalid inline # Accepts packets in the INVALID conntrack state`
Add an AutoBL action with helper AutoBLL Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-07-17 19:19:18 +02:00			`AutoBL noinline # Auto-blacklist IPs that exceed thesholds`
			`AutoBLL noinline # Helper for AutoBL`
Handle broadcast and muticast separately Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-15 19:16:20 +01:00			`Broadcast noinline # Handles Broadcast/Anycast`
Deprecate Drop and Reject in actions.std Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-12 18:28:38 +01:00			`Drop # Default Action for DROP policy (deprecated)`
Convert dropInvalid and allowInvalid to inline actions. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-02-07 20:21:13 +01:00			`dropInvalid inline # Drops packets in the INVALID conntrack state`
Adjust .conf files Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-11 22:41:28 +01:00			`DropDNSrep inline # Drops DNS replies`
Reinstate IPv6 DropSmurfs Signed-off-by: Tom Eastep <teastep@shorewall.net> 2014-10-10 18:42:23 +02:00			`DropSmurfs noinline # Handles packets with a broadcast source address`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`Established inline,\ # Handles packets in the ESTABLISHED state`
			`state=ESTABLISHED`
Allow Events with Shorewall6 Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-07-12 18:45:41 +02:00			`IfEvent noinline # Perform an action based on an event`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`Invalid inline,audit,\ # Handles packets in the INVALID conntrack state`
			`state=INVALID`
Handle broadcast and muticast separately Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-15 19:16:20 +01:00			`Multicast noinline # Handles Multicast`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`New inline,state=NEW # Handles packets in the NEW conntrack state`
Convert dropInvalid and allowInvalid to inline actions. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-02-07 20:21:13 +01:00			`NotSyn inline # Handles TCP packets that do not have SYN=1 and ACK=0`
Deprecate Drop and Reject in actions.std Signed-off-by: Tom Eastep <teastep@shorewall.net> 2017-02-12 18:28:38 +01:00			`Reject # Default Action for REJECT policy (deprecated)`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`Related inline,\ # Handles packets in the RELATED conntrack state`
			`state=RELATED`
Allow Events with Shorewall6 Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-07-12 18:45:41 +02:00			`ResetEvent inline # Reset an Event`
Convert dropInvalid and allowInvalid to inline actions. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-02-07 20:21:13 +01:00			`RST inline # Handle packets with RST set`
Allow Events with Shorewall6 Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-07-12 18:45:41 +02:00			`SetEvent inline # Initialize an event`
Simplify Perl from actions even further. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2013-02-02 00:55:39 +01:00			`TCPFlags # Handles bad flags combinations`
Convert the state actions to use the 'state' action option - Also avoid the CLI having to know about builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net> 2016-03-14 22:54:09 +01:00			`Untracked inline,\ # Handles packets in the UNTRACKED conntrack state`
			`state=UNTRACKED`