diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn index 68edf7244..d1d1bee53 100644 --- a/Shorewall/action.NotSyn +++ b/Shorewall/action.NotSyn @@ -30,23 +30,4 @@ DEFAULTS DROP,- -?begin perl; - -use strict; -use Shorewall::IPAddrs; -use Shorewall::Config; -use Shorewall::Chains; -use Shorewall::Rules; - -my ( $action, $audit ) = get_action_params( 2 ); - -if ( supplied $audit ) { - fatal_error "Invalid parameter ($audit) to action NotSyn" if $audit ne 'audit'; - $action = "A_$action"; -} - -perl_action_tcp_helper( $action, '-p 6 ! --syn' ); - -1; - -?end perl; +@1 - - ;;+ -p 6 ! --syn diff --git a/Shorewall/action.RST b/Shorewall/action.RST index b83f39b5e..2bd1d7926 100644 --- a/Shorewall/action.RST +++ b/Shorewall/action.RST @@ -30,21 +30,4 @@ DEFAULTS DROP,- -?begin perl; - -use Shorewall::Config; -use Shorewall::Chains; -use Shorewall::Rules; - -my ( $action, $audit ) = get_action_params( 2 ); - -if ( supplied $audit ) { - fatal_error "Invalid parameter ($audit) to action RST" if $audit ne 'audit'; - $action = "A_$action"; -} - -perl_action_tcp_helper( $action, '-p 6 --tcp-flags RST RST' ); - -1; - -?end perl; +@1 - - ;;+ -p 6 --tcp-flags RST RST diff --git a/Shorewall/actions.std b/Shorewall/actions.std index 21d69f860..cf90e049d 100644 --- a/Shorewall/actions.std +++ b/Shorewall/actions.std 
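Review bot: The one-line rules added to action.NotSyn and action.RST no longer show where the second parameter is checked, since the removed Perl rejected anything other than `audit` with `fatal_error` and prefixed the target with `A_`. Presumably the `audit` option this commit adds for both actions in actions.std takes over both jobs, but neither action file says so. As far as this diff shows, an entry that overrides these actions without that option would lose the check and the audit prefix. I would add a comment above each rule, for example `# Parameter 2 ('audit') is validated and applied through the 'audit' option in actions.std`. The file header above line 30 is outside both hunks, so it may already describe the parameters.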
@@ -40,11 +40,11 @@ GlusterFS inline # Handles GlusterFS
 IfEvent noinline # Perform an action based on an event
 Invalid inline # Handles packets in the INVALID conntrack state
 New inline # Handles packets in the NEW conntrack state
-NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
+NotSyn inline,audit # Handles TCP packets which do not have SYN=1 and ACK=0
 Reject # Default Action for REJECT policy
 Related inline # Handles packets in the RELATED conntrack state
 ResetEvent inline # Reset an Event
-RST inline # Handle packets with RST set
+RST inline,audit # Handle packets with RST set
 SetEvent inline # Initialize an event
 TCPFlags # Handle bad flag combinations.
 Untracked inline # Handles packets in the UNTRACKED conntrack state
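Review bot: The description kept on the changed NotSyn line is narrower than the match the action uses. action.NotSyn matches `! --syn`, and iptables' `--syn` is shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN`, so a packet with SYN plus RST or FIN set is also handled by this action, not only those failing "SYN=1 and ACK=0". Since the line is being edited anyway, I would reword it to something like `# Handles TCP packets that are not a plain SYN (iptables ! --syn)`, so that operators reading audit logs know what ends up here.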