2008-12-07 19:17:26 +01:00
|
|
|
#
|
|
|
|
# Shorewall version 4 - Actions.std File
|
|
|
|
#
|
|
|
|
# /usr/share/shorewall/actions.std
|
|
|
|
#
|
|
|
|
# Please see http://shorewall.net/Actions.html for additional
|
|
|
|
# information.
|
|
|
|
#
|
|
|
|
# Builtin Actions are:
|
|
|
|
#
|
2011-05-20 16:47:35 +02:00
|
|
|
# A_ACCEPT # Audits then accepts a connection request
|
|
|
|
# A_DROP # Audits then drops a connection request
|
|
|
|
# A_REJECT # Audits then drops a connection request
|
2008-12-07 19:17:26 +01:00
|
|
|
# allowBcast # Silently Allow Broadcast/multicast
|
|
|
|
# dropBcast # Silently Drop Broadcast/multicast
|
|
|
|
# dropNotSyn # Silently Drop Non-syn TCP packets
|
|
|
|
# rejNotSyn # Silently Reject Non-syn TCP packets
|
|
|
|
# allowoutUPnP # Allow traffic from local command 'upnpd' (does not
|
|
|
|
# # work with kernel 2.6.14 and later).
|
|
|
|
# allowinUPnP # Allow UPnP inbound (to firewall) traffic
|
|
|
|
# forwardUPnP # Allow traffic that upnpd has redirected from
|
|
|
|
# # 'upnp' interfaces.
|
|
|
|
# Limit # Limit the rate of connections from each individual
|
|
|
|
# # IP address
|
|
|
|
#
|
|
|
|
###############################################################################
|
|
|
|
#ACTION
|
2012-12-04 19:54:32 +01:00
|
|
|
A_Drop # Audited Default Action for DROP policy
|
|
|
|
A_Reject # Audited Default action for REJECT policy
|
2013-02-07 20:21:13 +01:00
|
|
|
allowInvalid inline # Accepts packets in the INVALID conntrack state
|
|
|
|
Broadcast noinline # Handles Broadcast/Multicast/Anycast
|
2012-12-04 19:54:32 +01:00
|
|
|
Drop # Default Action for DROP policy
|
2013-02-07 20:21:13 +01:00
|
|
|
dropInvalid inline # Drops packets in the INVALID conntrack state
|
|
|
|
DropSmurfs noinline # Drop smurf packets
|
|
|
|
Established inline # Handles packets in the ESTABLISHED state
|
2013-07-10 22:27:58 +02:00
|
|
|
IfTrigger noinline # Perform an action if a trigger is set
|
2013-02-07 20:21:13 +01:00
|
|
|
Invalid inline # Handles packets in the INVALID conntrack state
|
|
|
|
New inline # Handles packets in the NEW conntrack state
|
|
|
|
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
|
2012-12-04 19:54:32 +01:00
|
|
|
Reject # Default Action for REJECT policy
|
2013-02-07 20:21:13 +01:00
|
|
|
Related inline # Handles packets in the RELATED conntrack state
|
2013-07-10 22:27:58 +02:00
|
|
|
ResetTrigger inline # Reset a Trigger
|
2013-02-07 20:21:13 +01:00
|
|
|
RST inline # Handle packets with RST set
|
2013-07-10 22:27:58 +02:00
|
|
|
SetTrigger inline # Set a trigger for the packet's source IP
|
2013-02-02 00:55:39 +01:00
|
|
|
TCPFlags # Handle bad flag combinations.
|
2013-02-08 01:52:06 +01:00
|
|
|
Untracked inline # Handles packets in the UNTRACKED conntrack state
|