# # Shorewall 2.2 /usr/share/shorewall/actions.std # # # Builtin Actions are: # # allowBcast #Silently Allow Broadcast/multicast # dropBcast #Silently Drop Broadcast/multicast # dropNonSyn #Silently Drop Non-syn TCP packets # rejNonSyn #Silently Reject Non-syn TCP packets # dropInvalid #Silently Drop packets that are in the INVALID # #conntrack state. # allowInvalid #Accept packets that are in the INVALID # #conntrack state. # # The NonSyn logging builtins log at the level specified by LOGNEWNOTSYN in # shorewall.conf. If that option isn't specified then 'info' is used. # #ACTION DropSMB #Silently Drops Microsoft SMB Traffic RejectSMB #Silently Reject Microsoft SMB Traffic DropUPnP #Silently Drop UPnP Probes RejectAuth #Silently Reject Auth DropPing #Silently Drop Ping DropDNSrep #Silently Drop DNS Replies AllowPing #Accept Ping AllowFTP #Accept FTP AllowDNS #Accept DNS AllowSSH #Accept SSH AllowWeb #Allow Web Browsing AllowSMB #Allow MS Networking AllowAuth #Allow Auth (identd) AllowSMTP #Allow SMTP (Email) AllowPOP3 #Allow reading mail via POP3 AllowICMPs #Allows critical ICMP types AllowIMAP #Allow reading mail via IMAP AllowTelnet #Allow Telnet Access (not recommended for use over the #Internet) AllowVNC #Allow VNC viewer->server, Displays 0-9 AllowVNCL #Allow VNC server->viewer in listening mode AllowNTP #Allow Network Time Protocol (ntpd) AllowRdate #Allow remote time (rdate). AllowNNTP #Allow network news (Usenet). AllowTrcrt #Allows Traceroute (20 hops) AllowSNMP #Allows SNMP (including traps) AllowPCA #Allows PCAnywhere (tm) Drop:DROP #Common Action for DROP policy Reject:REJECT #Common Action for REJECT policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE