# # Shorewall version 3.0 - Reject Action # # /usr/share/shorewall/action.Reject # # The default REJECT action common rules # # This action is invoked before a REJECT policy is enforced. The purpose # of the action is: # # a) Avoid logging lots of useless cruft. # b) Ensure that certain ICMP packets that are necessary for successful # internet operation are always ACCEPTed. # # IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!! ############################################################################### #TARGET SOURCE DEST PROTO # # Don't log 'auth' REJECT # Auth/REJECT # # Drop Broadcasts so they don't clutter up the log # (broadcasts must *not* be rejected). # dropBcast # # ACCEPT critical ICMP types # AllowICMPs - - icmp # # Drop packets that in the INVALID state -- these are usually ICMP packets # and just confuse people when they appear in the log (these ICMPs cannot be # rejected). # dropInvalid # # Drop Microsoft noise so that it doesn't clutter up the lot. # SMB/REJECT DropUPnP # # Drop 'newnotsyn' traffic so that it doesn't get logged. # dropNotSyn - - tcp # # Drop late-arriving DNS replies. These are just a nuisance and clutter up # the log. # DropDNSrep #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE