extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add RST action.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-06 12:14:30 -07:00
parent aac00c3cc7
commit cb159eba2e
2 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
Shorewall/action.RST Normal file
View File

@ -0,0 +1,56 @@
#
# Shorewall 4 - RST Action
#
# /usr/share/shorewall/action.RST
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2011 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# RST[([<action>|-[,{audit|-}])]
#
# Default action is DROP
#
##########################################################################################
FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
use Shorewall::IPAddrs;
use Shorewall::Config;
use Shorewall::Chains;
my ( $action, $audit ) = get_action_params( 2 );
fatal_error "Invalid parameter ($audit) to action NotSyn" if supplied $audit && $audit ne 'audit';
fatal_error "Invalid parameter ($action) to action NotSyn" unless $action =~ /^(?:ACCEPT|DROP|REJECT)$/;
my $chainref = get_action_chain;
my ( $level, $tag ) = get_action_logging;
my $target = require_audit ( $action , $audit );
log_rule_limit $level, $chainref, 'RST' , $action, '', $tag, 'add', '-p 6 --tcp-flags RST RST ' if $level ne '';
add_jump $chainref , $target, 0, '-p 6 --tcp-flags RST RST, ';
allow_optimize( $chainref );
1;
END PERL;

1
Shorewall/actions.std
View File

@ -41,4 +41,5 @@ DropSmurfs # Drop smurf packets
Invalid # Handles packets in the INVALID conntrack state
NotSyn # Handles TCP packets which do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy
RST # Handle packets with RST set
TCPFlags # Handle bad flag combinations.