# # Shorewall version 4 - Actions.std File # # /usr/share/shorewall/actions.std # # Please see http://shorewall.net/Actions.html for additional # information. # # Builtin Actions are: # # A_ACCEPT # Audits then accepts a connection request # A_DROP # Audits then drops a connection request # A_REJECT # Audits then drops a connection request # allowBcast # Silently Allow Broadcast/multicast # dropBcast # Silently Drop Broadcast/multicast # dropNotSyn # Silently Drop Non-syn TCP packets # rejNotSyn # Silently Reject Non-syn TCP packets # dropInvalid # Silently Drop packets that are in the INVALID # # conntrack state. # allowInvalid # Accept packets that are in the INVALID # # conntrack state. # allowoutUPnP # Allow traffic from local command 'upnpd' (does not # # work with kernel 2.6.14 and later). # allowinUPnP # Allow UPnP inbound (to firewall) traffic # forwardUPnP # Allow traffic that upnpd has redirected from # # 'upnp' interfaces. # drop1918src # Drop packets with an RFC 1918 source address # drop1918dst # Drop packets with an RFC 1918 original dest address # rej1918src # Reject packets with an RFC 1918 source address # rej1918dst # Reject packets with an RFC 1918 original dest address # Limit # Limit the rate of connections from each individual # # IP address # ############################################################################### #ACTION A_Drop # Audited Default Action for DROP policy A_Reject # Audited Default action for REJECT policy Broadcast noinline # Handles Broadcast/Multicast/Anycast Drop # Default Action for DROP policy DropSmurfs noinline # Drop smurf packets Established inline # Handles packets in the ESTABLISHED state Invalid inline # Handles packets in the INVALID conntrack state NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0 Reject # Default Action for REJECT policy Related inline # Handles packets in the RELATED conntrack state RST inline # Handle packets with RST set TCPFlags noinline # Handle bad flag combinations. Untracked inline # Handles packets in the UNTRACKED conntrack state