mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
30 lines
776 B
Plaintext
30 lines
776 B
Plaintext
#
|
|
# Shorewall version 5 - Drop TCPFlags Action
|
|
#
|
|
# /usr/share/shorewall/action.TCPFlags
|
|
#
|
|
# Accepts a single optional parameter:
|
|
#
|
|
# - = Do not Audit
|
|
# audit = Audit dropped packets.
|
|
#
|
|
#################################################################################
|
|
|
|
DEFAULTS -
|
|
|
|
?if passed(@1)
|
|
?if @1 eq 'audit'
|
|
?set tcpflags_action 'A_DROP'
|
|
?else
|
|
?error The parameter to TCPFlags must be 'audit' or '-'
|
|
?endif
|
|
?else
|
|
?set tcpflags_action 'DROP'
|
|
?endif
|
|
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags ALL FIN,URG,PSH
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags ALL NONE
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags SYN,RST SYN,RST
|
|
$tcpflags_action - - ;;+ -p 6 --tcp-flags SYN,FIN SYN,FIN
|
|
$tcpflags_action - - ;;+ -p tcp --syn --sport 0
|