diff --git a/Shorewall/action.AllowAmanda b/Shorewall/action.AllowAmanda
new file mode 100644
index 000000000..ce3ae1977
--- /dev/null
+++ b/Shorewall/action.AllowAmanda
@@ -0,0 +1,11 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowAmanda
+#
+# This action accepts connections required by the Amanda backup system.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - udp amanda
+ACCEPT - - tcp 50000:50100
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowBitTorrent b/Shorewall/action.AllowBitTorrent
new file mode 100644
index 000000000..b12a8a5b7
--- /dev/null
+++ b/Shorewall/action.AllowBitTorrent
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowBitTorrent
+#
+# This action accepts BitTorrent traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 6881:6889
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowCVS b/Shorewall/action.AllowCVS
new file mode 100644
index 000000000..5aaaa0915
--- /dev/null
+++ b/Shorewall/action.AllowCVS
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowCVS
+#
+# This action accepts connections required by the CVS server
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 2401
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowDistcc b/Shorewall/action.AllowDistcc
new file mode 100644
index 000000000..862d16119
--- /dev/null
+++ b/Shorewall/action.AllowDistcc
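Review bot: The `ACCEPT - - tcp 50000:50100` rule in action.AllowAmanda hard-codes a 101-port TCP range and the header does not say where that range comes from. As far as I know Amanda's data-connection range is fixed when Amanda is built (`--with-tcpportrange`), so the rule only matches installations built with exactly this range and otherwise opens ports that nothing is meant to listen on. I would add a header comment such as `# The tcp range must match the tcpportrange Amanda was built with; invoke only between the backup server and its clients.`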
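Review bot: The description in action.AllowCVS says "the CVS server", but the only rule, `ACCEPT - - tcp 2401`, covers the pserver access method alone, which the actions.std entry added in this same commit already calls "cvs pserver traffic". pserver protects passwords with nothing more than a trivial encoding, so the header is the place to say so: `# This action accepts CVS pserver connections (tcp 2401). pserver does not protect passwords in transit; prefer CVS over SSH across untrusted zones.`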
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowDistcc
+#
+# This action accepts connections required by the Distributed Compiler service
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 3632
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowEdonkey b/Shorewall/action.AllowEdonkey
new file mode 100644
index 000000000..cfa3fe4c7
--- /dev/null
+++ b/Shorewall/action.AllowEdonkey
@@ -0,0 +1,11 @@
+#
+# Shorewall 2.2 /usr/share/shorewall/action.AllowEdonkey
+#
+# This action accepts Edonkey traffic
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
+ACCEPT - - tcp 4662
+ACCEPT - - udp 4665
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowGnutella b/Shorewall/action.AllowGnutella
new file mode 100644
index 000000000..fa11e8f96
--- /dev/null
+++ b/Shorewall/action.AllowGnutella
@@ -0,0 +1,11 @@
+#
+# Shorewall 2.2 /usr/share/shorewall/action.AllowGnutella
+#
+# This action accepts gnutella traffic
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
+ACCEPT - - tcp 6346
+ACCEPT - - udp 6346
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowICQ b/Shorewall/action.AllowICQ
new file mode 100644
index 000000000..b4680b3cb
--- /dev/null
+++ b/Shorewall/action.AllowICQ
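Review bot: The header of action.AllowDistcc describes tcp 3632 only as "connections required by the Distributed Compiler service" and gives no hint that distccd, in its plain TCP mode, does not authenticate clients and relies on its own `--allow` address list. Any host this rule admits can hand jobs to the daemon, so the file should steer users towards a narrow source. I would add `# distccd does not authenticate clients; invoke this action only from the zone or hosts that are also listed in distccd's --allow option.`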
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowICQ
+#
+# This action accepts ICQ traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 5190
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowLDAP b/Shorewall/action.AllowLDAP
new file mode 100644
index 000000000..2ca621817
--- /dev/null
+++ b/Shorewall/action.AllowLDAP
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowLDAP
+#
+# This action accepts LDAP traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp ldap
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowMySQL b/Shorewall/action.AllowMySQL
new file mode 100644
index 000000000..1a2045078
--- /dev/null
+++ b/Shorewall/action.AllowMySQL
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowMySQL
+#
+# This action accepts connections required by the MySQL server
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 3306
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowPostgreSQL b/Shorewall/action.AllowPostgreSQL
new file mode 100644
index 000000000..597d9bfc7
--- /dev/null
+++ b/Shorewall/action.AllowPostgreSQL
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowPostgreSQL
+#
+# This action accepts connections required by the PostgreSQL server
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 5432
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
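Review bot: action.AllowLDAP accepts only `tcp ldap`, while its description promises "LDAP traffic" in general. LDAP over SSL on the `ldaps` port is not covered, so a site that uses it has to add its own rule, and a site that relies on this action opens only the port on which binds can travel unencrypted. Either narrow the description to `# This action accepts LDAP connections on the ldap port only (not ldaps).` or add `ACCEPT - - tcp ldaps` below the existing rule.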
diff --git a/Shorewall/action.AllowRsync b/Shorewall/action.AllowRsync
new file mode 100644
index 000000000..f15e17c3b
--- /dev/null
+++ b/Shorewall/action.AllowRsync
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowRsync
+#
+# This action accepts connections required by the Rsync server
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp rsync
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowSMBswat b/Shorewall/action.AllowSMBswat
new file mode 100644
index 000000000..0432f0e19
--- /dev/null
+++ b/Shorewall/action.AllowSMBswat
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSMBswat
+#
+# This action accepts connections required by the Amanda backup system.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 901
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowSPAMD b/Shorewall/action.AllowSPAMD
new file mode 100644
index 000000000..d8515f803
--- /dev/null
+++ b/Shorewall/action.AllowSPAMD
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSPAMD
+#
+# This action accepts SPAMD traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
+ACCEPT - - tcp 783
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowSVN b/Shorewall/action.AllowSVN
new file mode 100644
index 000000000..7a07f9b84
--- /dev/null
+++ b/Shorewall/action.AllowSVN
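Review bot: The description line in action.AllowSMBswat is a leftover from action.AllowAmanda: it reads "connections required by the Amanda backup system", yet the rule is `ACCEPT - - tcp 901` and actions.std lists the action as "Allows Samba Swat". It should read `# This action accepts connections to the Samba SWAT web administration tool (tcp 901).` SWAT is normally served over plain HTTP and asks for a Samba administrator password, so I would also add `# SWAT sends credentials unencrypted; invoke only from a trusted administration zone.`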
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSVN
+#
+# This action accepts connections required by the Subversion server
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - tcp 3690
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.AllowSyslog b/Shorewall/action.AllowSyslog
new file mode 100644
index 000000000..8065c8778
--- /dev/null
+++ b/Shorewall/action.AllowSyslog
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSyslog
+#
+# This action accepts syslog UDP traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+ACCEPT - - udp syslog
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.DropEdonkey b/Shorewall/action.DropEdonkey
new file mode 100644
index 000000000..a2f966e36
--- /dev/null
+++ b/Shorewall/action.DropEdonkey
@@ -0,0 +1,12 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.DropEdonkey
+#
+# This action silently drops Edonkey Traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+# PORT PORT(S) LIMIT GROUP
+DROP - - tcp 4662
+DROP - - udp 4665
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.DropGnutella b/Shorewall/action.DropGnutella
new file mode 100644
index 000000000..669698411
--- /dev/null
+++ b/Shorewall/action.DropGnutella
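Review bot: The column header in action.DropEdonkey has three lines where every other action file in this commit has two: `# PORT PORT(S) LIMIT` is followed by `# PORT PORT(S) LIMIT GROUP`, and the `#TARGET` line lacks the matching `USER/` column. It looks like a half-finished conversion to the header used by action.AllowEdonkey; drop the shorter continuation line and end the `#TARGET` line with `USER/`. The file is also labelled `Shorewall 2.0 /etc/shorewall/` while its Allow counterpart says `Shorewall 2.2 /usr/share/shorewall/`, and the two should agree on whichever directory the package actually installs to.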
@@ -0,0 +1,11 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.DropGnutella
+#
+# This action silently drops Gnutella traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+DROP - - tcp 6346
+DROP - - udp 6346
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/action.DropSMTP b/Shorewall/action.DropSMTP
new file mode 100644
index 000000000..f22174073
--- /dev/null
+++ b/Shorewall/action.DropSMTP
@@ -0,0 +1,10 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.DropSMTP
+#
+# This action silently drops SMTP traffic.
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE
+# PORT PORT(S) LIMIT
+DROP - - tcp smtp
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/actions.std b/Shorewall/actions.std
index c61df8354..08e9377c9 100644
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@@ -27,6 +27,8 @@ DropUPnP #Silently Drop UPnP Probes RejectAuth #Silently Reject Auth DropPing #Silently Drop Ping DropDNSrep #Silently Drop DNS Replies +DropEdonkey # silently drop edonkey traffic +DropGnutella # silently drop gnutella traffic AllowPing #Accept Ping AllowFTP #Accept FTP
@@ -50,6 +52,24 @@ AllowTrcrt #Allows Traceroute (20 hops) AllowSNMP #Allows SNMP (including traps) AllowPCA #Allows PCAnywhere (tm) +# Added in Debian Packaging +AllowSPAMD #Allows SpamAssassin daemon +AllowSyslog #Allows syslog udp traffic +AllowAmanda # Allow connections required by the Amanda backup system +AllowLDAP # accepts LDAP traffic +AllowICQ # Accepts ICQ traffic +AllowBitTorrent # Accepts BitTorrent traffic +AllowSMBswat # Allows Samba Swat +DropSMTP # silently drops SMTP traffic +AllowCVS # accept cvs pserver traffic +AllowSVN # accept Subversion traffic +AllowMySQL # accept MySQL traffic +AllowPostgreSQL # accept PostgreSQL traffic +AllowRsync # accept rsync traffic +AllowDistcc # accept Distributed Compiler traffic +AllowEdonkey # accept edonkey traffic +AllowGnutella # accept edonkey traffic + Drop:DROP #Common Action for DROP policy Reject:REJECT #Common Action for REJECT policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
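Review bot: The last added entry, `AllowGnutella # accept edonkey traffic`, carries the comment of the entry above it. action.AllowGnutella in this commit opens tcp and udp 6346, so the line should read `AllowGnutella # accept gnutella traffic`. The added comments also mix `#Allows …`, `# Allow …`, `# accepts …` and `# accept …`, whereas the existing entries use the `#Accept X` / `#Allows X` form with no space after `#`.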