extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-13 21:27:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make the Invalid Drop rules uniform across sample files.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-06-27 15:16:16 -07:00
parent 0bf2753472
commit 41c7c8f923
8 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Samples/Universal/rules
View File

@ -13,6 +13,6 @@
#SECTION ESTABLISHED #SECTION ESTABLISHED
#SECTION RELATED #SECTION RELATED
SECTION NEW SECTION NEW
Invalid(DROP) net $FW tcp
SSH(ACCEPT) net $FW SSH(ACCEPT) net $FW
Ping(ACCEPT) net $FW Ping(ACCEPT) net $FW

4
Shorewall/Samples/one-interface/rules
View File

@ -18,6 +18,10 @@
#SECTION RELATED #SECTION RELATED
SECTION NEW SECTION NEW
# Drop packets in the INVALID state
Invalid(DROP) net $FW tcp
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP) net $FW Ping(DROP) net $FW

2
Shorewall/Samples/three-interfaces/rules
View File

@ -20,7 +20,7 @@ SECTION NEW
# Don't allow connection pickup from the net # Don't allow connection pickup from the net
# #
Invalid(DROP) net all Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #

2
Shorewall/Samples/two-interfaces/rules
View File

@ -20,7 +20,7 @@ SECTION NEW
# Don't allow connection pickup from the net # Don't allow connection pickup from the net
# #
Invalid(DROP) net all Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #

1
Shorewall6/Samples6/Universal/rules
View File

@ -14,5 +14,6 @@
#SECTION RELATED #SECTION RELATED
SECTION NEW SECTION NEW
Invalid(DROP) net $FW tcp
SSH(ACCEPT) net $FW SSH(ACCEPT) net $FW
Ping(ACCEPT) net $FW Ping(ACCEPT) net $FW

4
Shorewall6/Samples6/one-interface/rules
View File

@ -18,6 +18,10 @@
#SECTION RELATED #SECTION RELATED
SECTION NEW SECTION NEW
# Drop packets in the INVALID state
Invalid(DROP) net $FW tcp
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP) net $FW Ping(DROP) net $FW

2
Shorewall6/Samples6/three-interfaces/rules
View File

@ -20,7 +20,7 @@ SECTION NEW
# Don't allow connection pickup from the net # Don't allow connection pickup from the net
# #
Invalid(DROP) net all Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #

2
Shorewall6/Samples6/two-interfaces/rules
View File

@ -20,7 +20,7 @@ SECTION NEW
# Don't allow connection pickup from the net # Don't allow connection pickup from the net
# #
Invalid(DROP) net all Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #