shorewall_code/Shorewall6/actions.std
Tom Eastep 6ba1d5413b
Allow a protocol to be associated with an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 11:24:08 -08:00

51 lines
2.4 KiB
Plaintext

#
# Shorewall6 version 5 - Actions.std File
#
# /usr/share/shorewall6/actions.std
#
# Please see http://shorewall.net/Actions.html for additional
# information.
#
###############################################################################
#ACTION
A_Drop # Audited Default Action for DROP policy
A_Reject # Audited Default Action for REJECT policy
A_AllowICMPs proto=58 # Audited Accept needed ICMP6 types
AllowICMPs proto=58 # Accept needed ICMP6 types
allowBcast inline # Silently Allow Broadcast
allowInvalid inline # Accepts packets in the INVALID conntrack state
allowMcast inline # Silently Allow Multicast
AutoBL noinline # Auto-blacklist IPs that exceed thesholds
AutoBLL noinline # Helper for AutoBL
BLACKLIST logjump,section # Add sender to the dynamic blacklist
Broadcast noinline # Handles Broadcast/Anycast
Drop # Default Action for DROP policy (deprecated)
dropBcast inline # Silently Drop Broadcast
dropBcasts inline # Silently Drop Broadcast
dropInvalid inline # Drops packets in the INVALID conntrack state
dropMcast inline # Silently Drop Multicast
dropNotSyn noinline,proto=6 # Silently Drop Non-syn TCP packets
DropDNSrep inline,proto=17 # Drops DNS replies
DropSmurfs noinline # Handles packets with a broadcast source address
Established inline,\ # Handles packets in the ESTABLISHED state
state=ESTABLISHED
FIN inline,audit,\ # Handles ACK,FIN,PSH packets
proto=6
forwardUPnP noinline # Allow traffic that upnpd has redirected from 'upnp' interfaces.
IfEvent noinline # Perform an action based on an event
Invalid inline,audit,\ # Handles packets in the INVALID conntrack state
state=INVALID
Multicast noinline # Handles Multicast
New inline,state=NEW # Handles packets in the NEW conntrack state
NotSyn inline,proto=6 # Handles TCP packets that do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy (deprecated)
rejNotSyn noinline,proto=6 # Silently Reject Non-syn TCP packets
Related inline,\ # Handles packets in the RELATED conntrack state
state=RELATED
ResetEvent inline # Reset an Event
RST inline,proto=6 # Handle packets with RST set
SetEvent inline # Initialize an event
TCPFlags proto=6 # Handles bad flags combinations
Untracked inline,\ # Handles packets in the UNTRACKED conntrack state
state=UNTRACKED