mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 16:54:10 +01:00
7327464852
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1729 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
50 lines
1.3 KiB
Plaintext
50 lines
1.3 KiB
Plaintext
#
|
|
# Shorewall 2.2 /usr/share/shorewall/action.Drop
|
|
#
|
|
# The default DROP common rules
|
|
#
|
|
# This action is invoked before a DROP policy is enforced. The purpose of the action
|
|
# is:
|
|
#
|
|
# a) Avoid logging lots of useless cruft.
|
|
# b) Ensure that 'auth' requests are rejected, even if the policy is DROP.
|
|
# Otherwise, you may experience problems establishing connections with
|
|
# servers that use auth.
|
|
# c) Ensure that certain ICMP packets that are necessary for successful
|
|
# internet operation are always ACCEPTed.
|
|
#
|
|
# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!!!!
|
|
######################################################################################
|
|
#TARGET SOURCE DEST PROTO
|
|
#
|
|
# Reject 'auth'
|
|
#
|
|
RejectAuth
|
|
#
|
|
# Don't log broadcasts
|
|
#
|
|
dropBcast
|
|
#
|
|
# ACCEPT critical ICMP types
|
|
#
|
|
AllowICMPs - - icmp
|
|
#
|
|
# Drop packets that in the INVALID state -- these are usually ICMP packets and just
|
|
# confuse people when they appear in the log.
|
|
#
|
|
dropInvalid
|
|
#
|
|
# Drop Microsoft noise so that it doesn't clutter up the log.
|
|
#
|
|
DropSMB
|
|
DropUPnP
|
|
#
|
|
# Drop 'newnotsyn' traffic so that it doesn't get logged.
|
|
#
|
|
dropNotSyn - - tcp
|
|
#
|
|
# Drop late-arriving DNS replies. These are just a nuisance and clutter up the log.
|
|
#
|
|
DropDNSrep
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|