shorewall_code/Shorewall2/action.Reject

#
# Shorewall 2.2 /usr/share/shorewall/action.Reject
#
#	The default REJECT action common rules
#
# This action is invoked before a REJECT policy is enforced. The purpose of the action
# is:
#
#	a) Avoid logging lots of useless cruft. 
#       b) Ensure that certain ICMP packets that are necessary for successful 
#	   internet operation are always ACCEPTed.
#
# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!!!!
######################################################################################
#TARGET  	SOURCE		DEST      	PROTO
#
# Don't log 'auth' REJECT
#
RejectAuth
#
# Drop Broadcasts so they don't clutter up the log (broadcasts must *not* be rejected).
#
dropBcast
#
# ACCEPT critical ICMP types
#
AllowICMPs	-		-		icmp
#
# Drop packets that in the INVALID state -- these are usually ICMP packets and just
# confuse people when they appear in the log (these ICMPs cannot be rejected).
#
dropInvalid
#
# Drop Microsoft noise so that it doesn't clutter up the lot.
#
RejectSMB
DropUPnP
#
# Drop 'newnotsyn' traffic so that it doesn't get logged.
#
dropNotSyn	-		-		tcp
#
# Drop late-arriving DNS replies. These are just a nuisance and clutter up the log.
#
DropDNSrep
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#`
Update file headings to reflect version 2.2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1729 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-26 17:37:00 +02:00			`# Shorewall 2.2 /usr/share/shorewall/action.Reject`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#`
			`# The default REJECT action common rules`
			`#`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`# This action is invoked before a REJECT policy is enforced. The purpose of the action`
			`# is:`
			`#`
			`# a) Avoid logging lots of useless cruft.`
			`# b) Ensure that certain ICMP packets that are necessary for successful`
			`# internet operation are always ACCEPTed.`
			`#`
			`# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!!!!`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`######################################################################################`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`#TARGET SOURCE DEST PROTO`
			`#`
			`# Don't log 'auth' REJECT`
			`#`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`RejectAuth`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`#`
			`# Drop Broadcasts so they don't clutter up the log (broadcasts must not be rejected).`
			`#`
Make a couple of the user-defined actions builtins git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1121 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-02-04 23:23:45 +01:00			`dropBcast`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`#`
			`# ACCEPT critical ICMP types`
			`#`
			`AllowICMPs - - icmp`
			`#`
			`# Drop packets that in the INVALID state -- these are usually ICMP packets and just`
			`# confuse people when they appear in the log (these ICMPs cannot be rejected).`
			`#`
Add dropInvalid builtin action git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1430 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-07-01 16:12:29 +02:00			`dropInvalid`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`#`
			`# Drop Microsoft noise so that it doesn't clutter up the lot.`
			`#`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`RejectSMB`
			`DropUPnP`
Add AllowICMPs action and invoke from Drop and Reject git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-08 00:56:35 +02:00			`#`
			`# Drop 'newnotsyn' traffic so that it doesn't get logged.`
			`#`
			`dropNotSyn - - tcp`
			`#`
			`# Drop late-arriving DNS replies. These are just a nuisance and clutter up the log.`
			`#`
Shorewall 2.0.0 Beta2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1134 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-02-10 00:52:01 +01:00			`DropDNSrep`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE`