#
# Shorewall version 5 - Actions.std File
#
# /usr/share/shorewall/actions.std
#
#	Please see http://shorewall.net/Actions.html for additional
#	information.
#
###############################################################################
#ACTION
A_REJECT     noinline,logjump	# Audits then rejects a connection request
A_REJECT!    inline		# Audits then rejects a connection request
AllowICMPs   inline		# Allow Required ICMP packets
allowBcast   inline		# Silently Allow Broadcast
allowinUPnP  inline		# Allow UPnP inbound (to firewall) traffic
allowInvalid inline		# Accepts packets in the INVALID conntrack state
allowMcast   inline		# Silently Allow Multicast
AutoBL	     noinline		# Auto-blacklist IPs that exceed thesholds
AutoBLL	     noinline		# Helper for AutoBL
BLACKLIST    logjump,section	# Add sender to the dynamic blacklist
?if __ADDRTYPE
Broadcast    inline,audit	# Handles Broadcast/Anycast
?else
Broadcast    noinline,audit	# Handles Broadcast/Anycast
?endif
DNSAmp	     proto=17		# Matches one-question recursive DNS queries
dropBcast    inline		# Silently Drop Broadcast
dropBcasts   inline		# Silently Drop Broadcast
dropInvalid  inline		# Drops packets in the INVALID conntrack state
dropMcast    inline		# Silently Drop Multicast
dropNotSyn   noinline,proto=6	# Silently Drop Non-syn TCP packets
DropDNSrep   inline,proto=17	# Drops DNS replies
DropSmurfs   noinline		# Drop smurf packets
Established  inline,\		# Handles packets in the ESTABLISHED state
	     state=ESTABLISHED	#
FIN	     inline,audit,\	# Handles ACK,FIN packets
	     proto=6
forwardUPnP  noinline		# Allow traffic that upnpd has redirected from 'upnp' interfaces.
GlusterFS    inline		# Handles GlusterFS
IfEvent	     noinline		# Perform an action based on an event
Invalid	     inline,audit,\	# Handles packets in the INVALID conntrack state
	     state=INVALID	#
Limit	     noinline		# Limit the rate of connections from each individual IP address
?if __ADDRTYPE
Multicast    inline,audit	# Handles Multicast
?else
Multicast    noinline,audit	# Handles Multicast
?endif
New	     inline,state=NEW	# Handles packets in the NEW conntrack state
NotSyn	     inline,audit,\	# Handles TCP packets which do not have SYN=1 and ACK=0
	     proto=6
rejNotSyn    noinline,proto=6	# Silently Reject Non-syn TCP packets
Related	     inline,\		# Handles packets in the RELATED conntrack state
	     state=RELATED	#
ResetEvent   inline		# Reset an Event
RST	     inline,audit,\	# Handle packets with RST set
	     proto=6
SetEvent     inline		# Initialize an event
TCPFlags     proto=6		# Handle bad flag combinations.
Untracked    inline,\		# Handles packets in the UNTRACKED conntrack state
	     state=UNTRACKED	#