# # Shorewall -- /usr/share/shorewall/macro.Reject # # This macro generates the same rules as the Reject default action # It is used in place of action.Reject when USE_ACTIONS=No. # # Example: # # Reject loc fw # ############################################################################### #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER # # Don't log 'auth' REJECT # REJECT - - tcp 113 # # Drop Broadcasts so they don't clutter up the log # (broadcasts must *not* be rejected). # dropBcast # # ACCEPT critical ICMP types # ACCEPT - - icmp fragmentation-needed ACCEPT - - icmp time-exceeded # # Drop packets that are in the INVALID state -- these are usually ICMP packets # and just confuse people when they appear in the log (these ICMPs cannot be # rejected). # dropInvalid # # Reject Microsoft noise so that it doesn't clutter up the log. # REJECT - - udp 135,445 REJECT - - udp 137:139 REJECT - - udp 1024: 137 REJECT - - tcp 135,139,445 DROP - - udp 1900 # # Drop 'newnotsyn' traffic so that it doesn't get logged. # dropNotSyn # # Drop late-arriving DNS replies. These are just a nuisance and clutter up # the log. # DROP - - udp - 53