# # Shorewall 2.4 /usr/share/shorewall/actions.std # # Please see http://shorewall.net/Actions.html for additional # information. # # Builtin Actions are: # # allowBcast #Silently Allow Broadcast/multicast # dropBcast #Silently Drop Broadcast/multicast # dropNotSyn #Silently Drop Non-syn TCP packets # rejNotSyn #Silently Reject Non-syn TCP packets # dropInvalid #Silently Drop packets that are in the INVALID # #conntrack state. # allowInvalid #Accept packets that are in the INVALID # #conntrack state. # allowoutUPnP #Allow traffic from local command 'upnpd' # allowinUPnP #Allow UPnP inbound (to firewall) traffic # forwardUPnP #Allow traffic that upnpd has redirected from # #'upnp' interfaces. # #ACTION DropSMB #Silently Drops Microsoft SMB Traffic RejectSMB #Silently Reject Microsoft SMB Traffic DropUPnP #Silently Drop UPnP Probes RejectAuth #Silently Reject Auth DropPing #Silently Drop Ping DropDNSrep #Silently Drop DNS Replies DropEdonkey # silently drop edonkey traffic DropGnutella # silently drop gnutella traffic AllowPing #Accept Ping AllowFTP #Accept FTP AllowDNS #Accept DNS AllowSSH #Accept SSH AllowWeb #Allow Web Browsing AllowSMB #Allow MS Networking AllowAuth #Allow Auth (identd) AllowSMTP #Allow SMTP (Email) AllowPOP3 #Allow reading mail via POP3 AllowICMPs #Allows critical ICMP types AllowIMAP #Allow reading mail via IMAP AllowTelnet #Allow Telnet Access (not recommended for use over the #Internet) AllowVNC #Allow VNC viewer->server, Displays 0-9 AllowVNCL #Allow VNC server->viewer in listening mode AllowNTP #Allow Network Time Protocol (ntpd) AllowRdate #Allow remote time (rdate). AllowNNTP #Allow network news (Usenet). AllowTrcrt #Allows Traceroute (20 hops) AllowSNMP #Allows SNMP (including traps) AllowPCA #Allows PCAnywhere (tm) # Added in Debian Packaging AllowSPAMD #Allows SpamAssassin daemon AllowSyslog #Allows syslog udp traffic AllowAmanda # Allow connections required by the Amanda backup system AllowLDAP # accepts LDAP traffic AllowICQ # Accepts ICQ traffic AllowBitTorrent # Accepts BitTorrent traffic AllowSMBswat # Allows Samba Swat DropSMTP # silently drops SMTP traffic AllowCVS # accept cvs pserver traffic AllowSVN # accept Subversion traffic AllowMySQL # accept MySQL traffic AllowPostgreSQL # accept PostgreSQL traffic AllowRsync # accept rsync traffic AllowDistcc # accept Distributed Compiler traffic AllowEdonkey # accept edonkey traffic AllowGnutella # accept edonkey traffic Drop:DROP #Common Action for DROP policy Reject:REJECT #Common Action for REJECT policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE