diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index c9acbd026..6a9eb6d95 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -1007,18 +1007,18 @@ show_command() { case $1 in actions) [ $# -gt 1 ] && usage 1 - echo "A_ACCEPT # Audit and accept the connection" - echo "A_DROP # Audit and drop the connection" - echo "A_REJECT # Audit and reject the connection " - echo "allowBcast # Silently Allow Broadcast/multicast" - echo "allowInvalid # Accept packets that are in the INVALID conntrack state." - echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic" - echo "allowoutUPnP # Allow traffic from local command 'upnpd' (does not work with kernels after 2.6.13)" - echo "dropBcast # Silently Drop Broadcast/multicast" - echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state" - echo "dropNotSyn # Silently Drop Non-syn TCP packets" - echo "forwardUPnP # Allow traffic that upnpd has redirected from" - echo "rejNotSyn # Silently Reject Non-syn TCP packets" + echo "A_ACCEPT # Audit and accept the connection" + echo "A_DROP # Audit and drop the connection" + echo "A_REJECT # Audit and reject the connection " + echo "allowBcast # Silently Allow Broadcast/multicast" + echo "allowInvalid # Accept packets that are in the INVALID conntrack state." + echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic" + echo "allowoutUPnP # Allow traffic from local command 'upnpd' (does not work with kernels after 2.6.13)" + echo "dropBcast # Silently Drop Broadcast/multicast" + echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state" + echo "dropNotSyn # Silently Drop Non-syn TCP packets" + echo "forwardUPnP # Allow traffic that upnpd has redirected from" + echo "rejNotSyn # Silently Reject Non-syn TCP packets" if [ -f ${g_confdir}/actions ]; then cat ${g_sharedir}/actions.std ${g_confdir}/actions | grep -Ev '^\#|^$' diff --git a/Shorewall/actions.std b/Shorewall/actions.std index f826ff688..ae18bd9ae 100644 --- a/Shorewall/actions.std +++ b/Shorewall/actions.std @@ -33,13 +33,13 @@ # ############################################################################### #ACTION -A_Drop # Audited Default Action for DROP policy -A_Reject # Audited Default action for REJECT policy -Broadcast noinline # Handles Broadcast/Multicast/Anycast -Drop # Default Action for DROP policy -DropSmurfs noinline # Drop smurf packets -Invalid noinline # Handles packets in the INVALID conntrack state -NotSyn noinline # Handles TCP packets which do not have SYN=1 and ACK=0 -Reject # Default Action for REJECT policy -RST noinline # Handle packets with RST set -TCPFlags noinline # Handle bad flag combinations. +A_Drop # Audited Default Action for DROP policy +A_Reject # Audited Default action for REJECT policy +Broadcast noinline # Handles Broadcast/Multicast/Anycast +Drop # Default Action for DROP policy +DropSmurfs noinline # Drop smurf packets +Invalid noinline # Handles packets in the INVALID conntrack state +NotSyn noinline # Handles TCP packets which do not have SYN=1 and ACK=0 +Reject # Default Action for REJECT policy +RST noinline # Handle packets with RST set +TCPFlags noinline # Handle bad flag combinations. diff --git a/Shorewall/configfiles/actions b/Shorewall/configfiles/actions index 4c5e05c8b..84bedefbc 100644 --- a/Shorewall/configfiles/actions +++ b/Shorewall/configfiles/actions @@ -7,6 +7,6 @@ # # Please see http://shorewall.net/Actions.html for additional information. # -#################################################################################### -#ACTION OPTIONS COMMENT (place '# ' below the 'C' in comment followed by -# v a comment describing the action) +######################################################################################## +#ACTION OPTIONS COMMENT (place '# ' below the 'C' in comment followed by +# v a comment describing the action) diff --git a/Shorewall6/actions.std b/Shorewall6/actions.std index 264df75ab..8e2d727a4 100644 --- a/Shorewall6/actions.std +++ b/Shorewall6/actions.std @@ -19,15 +19,15 @@ # ############################################################################### #ACTION -A_Drop # Audited Default Action for DROP policy -A_Reject # Audited Default Action for REJECT policy -A_AllowICMPs # Audited Accept needed ICMP6 types -AllowICMPs # Accept needed ICMP6 types -Broadcast noinline # Handles Broadcast/Multicast/Anycast -Drop # Default Action for DROP policy -DropSmurfs noinline # Handles packets with a broadcast source address -Invalid noinline # Handles packets in the INVALID conntrack state -NotSyn noinline # Handles TCP packets that do not have SYN=1 and ACK=0 -Reject # Default Action for REJECT policy -TCPFlags noinline # Handles bad flags combinations +A_Drop # Audited Default Action for DROP policy +A_Reject # Audited Default Action for REJECT policy +A_AllowICMPs # Audited Accept needed ICMP6 types +AllowICMPs # Accept needed ICMP6 types +Broadcast noinline # Handles Broadcast/Multicast/Anycast +Drop # Default Action for DROP policy +DropSmurfs noinline # Handles packets with a broadcast source address +Invalid noinline # Handles packets in the INVALID conntrack state +NotSyn noinline # Handles TCP packets that do not have SYN=1 and ACK=0 +Reject # Default Action for REJECT policy +TCPFlags noinline # Handles bad flags combinations diff --git a/Shorewall6/configfiles/actions b/Shorewall6/configfiles/actions index 84ad2f15e..02df48e7a 100644 --- a/Shorewall6/configfiles/actions +++ b/Shorewall6/configfiles/actions @@ -8,6 +8,6 @@ # Please see http://shorewall.net/Actions.html for additional information. # ############################################################################### -#################################################################################### -#ACTION OPTIONS COMMENT (place '# ' below the 'C' in comment followed by -# v a comment describing the action) +######################################################################################## +#ACTION OPTIONS COMMENT (place '# ' below the 'C' in comment followed by +# v a comment describing the action)