# # Shorewall6 version 5 - Actions.std File # # /usr/share/shorewall6/actions.std # # Please see http://shorewall.net/Actions.html for additional # information. # ############################################################################### #ACTION AllowICMPs proto=58 # Accept needed ICMP6 types allowBcast inline # Silently Allow Broadcast allowInvalid inline # Accepts packets in the INVALID conntrack state allowMcast inline # Silently Allow Multicast AutoBL noinline # Auto-blacklist IPs that exceed thesholds AutoBLL noinline # Helper for AutoBL BLACKLIST logjump,section # Add sender to the dynamic blacklist Broadcast noinline # Handles Broadcast/Anycast dropBcast inline # Silently Drop Broadcast dropBcasts inline # Silently Drop Broadcast dropInvalid inline # Drops packets in the INVALID conntrack state dropMcast inline # Silently Drop Multicast dropNotSyn noinline,proto=6 # Silently Drop Non-syn TCP packets DropDNSrep inline,proto=17 # Drops DNS replies DropSmurfs noinline # Handles packets with a broadcast source address Established inline,\ # Handles packets in the ESTABLISHED state state=ESTABLISHED FIN inline,audit,\ # Handles ACK,FIN,PSH packets proto=6 forwardUPnP noinline # Allow traffic that upnpd has redirected from 'upnp' interfaces. IfEvent noinline # Perform an action based on an event Invalid inline,audit,\ # Handles packets in the INVALID conntrack state state=INVALID Multicast noinline # Handles Multicast New inline,state=NEW # Handles packets in the NEW conntrack state NotSyn inline,proto=6 # Handles TCP packets that do not have SYN=1 and ACK=0 rejNotSyn noinline,proto=6 # Silently Reject Non-syn TCP packets Related inline,\ # Handles packets in the RELATED conntrack state state=RELATED ResetEvent inline # Reset an Event RST inline,proto=6 # Handle packets with RST set SetEvent inline # Initialize an event TCPFlags proto=6 # Handles bad flags combinations Untracked inline,\ # Handles packets in the UNTRACKED conntrack state state=UNTRACKED