2011-10-03 03:41:58 +02:00
|
|
|
#
|
2012-11-01 15:20:50 +01:00
|
|
|
# Shorewall version 4 - Drop TCPFlags Action
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
2012-11-01 15:20:50 +01:00
|
|
|
# /usr/share/shorewall/action.TCPFlags
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
2011-10-05 18:32:26 +02:00
|
|
|
# Accepts a single optional parameter:
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
|
|
|
# - = Do not Audit
|
2011-10-05 18:32:26 +02:00
|
|
|
# audit = Audit dropped packets.
|
2011-10-03 03:41:58 +02:00
|
|
|
#
|
|
|
|
#################################################################################
|
2012-12-22 00:51:14 +01:00
|
|
|
?FORMAT 2
|
2011-10-03 03:41:58 +02:00
|
|
|
|
|
|
|
DEFAULTS DROP,-
|
|
|
|
|
2012-06-05 16:32:43 +02:00
|
|
|
?BEGIN PERL;
|
2011-10-05 18:32:26 +02:00
|
|
|
use strict;
|
2011-10-03 03:41:58 +02:00
|
|
|
use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6);
|
|
|
|
use Shorewall::Chains;
|
2013-02-02 00:55:39 +01:00
|
|
|
use Shorewall::Rules;
|
2011-10-03 03:41:58 +02:00
|
|
|
|
2013-02-02 00:55:39 +01:00
|
|
|
my ( $action, $audit ) = get_action_params( 2 );
|
2011-10-03 03:41:58 +02:00
|
|
|
|
|
|
|
my $chainref = get_action_chain;
|
2012-11-29 00:03:08 +01:00
|
|
|
|
2013-02-02 00:55:39 +01:00
|
|
|
if ( supplied $audit ) {
|
|
|
|
fatal_error "Invalid parameter ($audit) to action Invalid" if $audit ne 'audit';
|
|
|
|
$action = "A_$action";
|
|
|
|
}
|
2011-10-03 03:41:58 +02:00
|
|
|
|
2013-02-02 00:55:39 +01:00
|
|
|
perl_action_tcp_helper( $action, '-p tcp --tcp-flags ALL FIN,URG,PSH' );
|
|
|
|
perl_action_tcp_helper( $action, '-p tcp --tcp-flags SYN,RST SYN,RST' );
|
|
|
|
perl_action_tcp_helper( $action, '-p tcp --tcp-flags SYN,FIN SYN,FIN' );
|
|
|
|
perl_action_tcp_helper( $action, '-p tcp --syn --sport 0' );
|
2011-10-03 03:41:58 +02:00
|
|
|
|
2012-06-05 16:32:43 +02:00
|
|
|
?END PERL;
|
2011-10-03 03:41:58 +02:00
|
|
|
|
|
|
|
|
2012-04-24 23:52:57 +02:00
|
|
|
|
2011-10-03 03:41:58 +02:00
|
|
|
|
|
|
|
|