# # Shorewall version 5 - Drop TCPFlags Action # # /usr/share/shorewall/action.TCPFlags # # Accepts a single optional parameter: # # - = Do not Audit # audit = Audit dropped packets. # ################################################################################# ?format 2 DEFAULTS - ?begin perl; use strict; use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6); use Shorewall::Chains; use Shorewall::Rules; my $action = 'DROP'; my ( $audit ) = get_action_params( 1 ); if ( supplied $audit ) { fatal_error "Invalid parameter ($audit) to action TCPFlags" if $audit ne 'audit'; $action = "A_DROP"; } perl_action_tcp_helper( $action, '-p tcp --tcp-flags ALL FIN,URG,PSH' ); perl_action_tcp_helper( $action, '-p tcp --tcp-flags ALL NONE' ); perl_action_tcp_helper( $action, '-p tcp --tcp-flags SYN,RST SYN,RST' ); perl_action_tcp_helper( $action, '-p tcp --tcp-flags SYN,FIN SYN,FIN' ); perl_action_tcp_helper( $action, '-p tcp --syn --sport 0' ); ?end perl;