shorewall_code/Shorewall/actions.std
Tom Eastep 49166efdca Make the TCP standard actions inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 18:01:08 -08:00

49 lines
2.4 KiB
Plaintext

#
# Shorewall version 4 - Actions.std File
#
# /usr/share/shorewall/actions.std
#
# Please see http://shorewall.net/Actions.html for additional
# information.
#
# Builtin Actions are:
#
# A_ACCEPT # Audits then accepts a connection request
# A_DROP # Audits then drops a connection request
# A_REJECT # Audits then drops a connection request
# allowBcast # Silently Allow Broadcast/multicast
# dropBcast # Silently Drop Broadcast/multicast
# dropNotSyn # Silently Drop Non-syn TCP packets
# rejNotSyn # Silently Reject Non-syn TCP packets
# dropInvalid # Silently Drop packets that are in the INVALID
# # conntrack state.
# allowInvalid # Accept packets that are in the INVALID
# # conntrack state.
# allowoutUPnP # Allow traffic from local command 'upnpd' (does not
# # work with kernel 2.6.14 and later).
# allowinUPnP # Allow UPnP inbound (to firewall) traffic
# forwardUPnP # Allow traffic that upnpd has redirected from
# # 'upnp' interfaces.
# drop1918src # Drop packets with an RFC 1918 source address
# drop1918dst # Drop packets with an RFC 1918 original dest address
# rej1918src # Reject packets with an RFC 1918 source address
# rej1918dst # Reject packets with an RFC 1918 original dest address
# Limit # Limit the rate of connections from each individual
# # IP address
#
###############################################################################
#ACTION
A_Drop # Audited Default Action for DROP policy
A_Reject # Audited Default action for REJECT policy
Broadcast noinline # Handles Broadcast/Multicast/Anycast
Drop # Default Action for DROP policy
DropSmurfs noinline # Drop smurf packets
Established inline # Handles packets in the ESTABLISHED state
Invalid inline # Handles packets in the INVALID conntrack state
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy
Related inline # Handles packets in the RELATED conntrack state
RST inline # Handle packets with RST set
TCPFlags noinline # Handle bad flag combinations.
Untracked inline # Handles packets in the UNTRACKED conntrack state