From cd512d2779846067d6f1346c8ee79fbd22147ba1 Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 31 Mar 2005 23:51:14 +0000
Subject: [PATCH] Remove common.def
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2020 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
Lrp/etc/shorewall/common.def | 49 ------------------------------------
STABLE/common.def | 49 ------------------------------------
2 files changed, 98 deletions(-)
delete mode 100644 Lrp/etc/shorewall/common.def
delete mode 100644 STABLE/common.def
diff --git a/Lrp/etc/shorewall/common.def b/Lrp/etc/shorewall/common.def
deleted file mode 100644
index ea3abeb35..000000000
--- a/Lrp/etc/shorewall/common.def
+++ /dev/null
@@ -1,49 +0,0 @@
-############################################################################
-# Shorewall 1.4 -- /etc/shorewall/common.def
-#
-# This file defines the rules that are applied before a policy of
-# DROP or REJECT is applied. In addition to the rules defined in this file,
-# the firewall will also define a DROP rule for each subnet broadcast
-# address defined in /etc/shorewall/interfaces (including "detect").
-#
-# Do not modify this file -- if you wish to change these rules, create
-# /etc/shorewall/common to replace it. It is suggested that you include
-# the command ". /etc/shorewall/common.def" in your
-# /etc/shorewall/common file so that you will continue to get the
-# advantage of new releases of this file.
-#
-run_iptables -A common -p icmp -j icmpdef
-############################################################################
-# NETBIOS chatter
-#
-run_iptables -A common -p udp --dport 135 -j DROP
-run_iptables -A common -p udp --dport 137:139 -j DROP
-run_iptables -A common -p udp --dport 445 -j DROP
-run_iptables -A common -p tcp --dport 139 -j DROP
-run_iptables -A common -p tcp --dport 445 -j DROP
-run_iptables -A common -p tcp --dport 135 -j DROP
-############################################################################
-# UPnP
-#
-run_iptables -A common -p udp --dport 1900 -j DROP
-############################################################################
-# BROADCASTS
-#
-run_iptables -A common -d 255.255.255.255 -j DROP
-run_iptables -A common -d 224.0.0.0/4 -j DROP
-############################################################################
-# AUTH -- Silently reject it so that connections don't get delayed.
-#
-run_iptables -A common -p tcp --dport 113 -j reject
-############################################################################
-# DNS -- Silenty drop late replies
-#
-run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
-############################################################################
-# ICMP -- Silently drop null-address ICMPs
-#
-run_iptables -A common -p icmp -s 0.0.0.0 -j DROP
-run_iptables -A common -p icmp -d 0.0.0.0 -j DROP
-
-
-
diff --git a/STABLE/common.def b/STABLE/common.def
deleted file mode 100644
index ea3abeb35..000000000
--- a/STABLE/common.def
+++ /dev/null
@@ -1,49 +0,0 @@
-############################################################################
-# Shorewall 1.4 -- /etc/shorewall/common.def
-#
-# This file defines the rules that are applied before a policy of
-# DROP or REJECT is applied. In addition to the rules defined in this file,
-# the firewall will also define a DROP rule for each subnet broadcast
-# address defined in /etc/shorewall/interfaces (including "detect").
-#
-# Do not modify this file -- if you wish to change these rules, create
-# /etc/shorewall/common to replace it. It is suggested that you include
-# the command ". /etc/shorewall/common.def" in your
-# /etc/shorewall/common file so that you will continue to get the
-# advantage of new releases of this file.
-#
-run_iptables -A common -p icmp -j icmpdef
-############################################################################
-# NETBIOS chatter
-#
-run_iptables -A common -p udp --dport 135 -j DROP
-run_iptables -A common -p udp --dport 137:139 -j DROP
-run_iptables -A common -p udp --dport 445 -j DROP
-run_iptables -A common -p tcp --dport 139 -j DROP
-run_iptables -A common -p tcp --dport 445 -j DROP
-run_iptables -A common -p tcp --dport 135 -j DROP
-############################################################################
-# UPnP
-#
-run_iptables -A common -p udp --dport 1900 -j DROP
-############################################################################
-# BROADCASTS
-#
-run_iptables -A common -d 255.255.255.255 -j DROP
-run_iptables -A common -d 224.0.0.0/4 -j DROP
-############################################################################
-# AUTH -- Silently reject it so that connections don't get delayed.
-#
-run_iptables -A common -p tcp --dport 113 -j reject
-############################################################################
-# DNS -- Silenty drop late replies
-#
-run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
-############################################################################
-# ICMP -- Silently drop null-address ICMPs
-#
-run_iptables -A common -p icmp -s 0.0.0.0 -j DROP
-run_iptables -A common -p icmp -d 0.0.0.0 -j DROP
-
-
-