#
# Shorewall version 5 - Drop TCPFlags Action
#
# /usr/share/shorewall/action.TCPFlags
#
#   Accepts a single optional parameter:
#
#          -     = Do not Audit
#          audit = Audit dropped packets.
#
#################################################################################

?if @1 ne '-' && @1 ne ''
    ?if @1 eq 'audit'
DEFAULTS A_DROP
    ?else
        ?error "The first parameter to TCPFlags must be 'audit' or '-'
    ?endif
?else
DEFAULTS DROP
?endif

@1	-	-	tcp	;; --tcp-flags ALL FIN,URG,PSH
@1	-	-	tcp	;; --tcp-flags ALL NONE
@1	-	-	tcp	;; --tcp-flags SYN,RST SYN,RST
@1	-	-	tcp	;; --tcp-flags SYN,FIN SYN,FIN
@1	-	-	tcp	;; --syn --sport 0