diff --git a/Lrp/etc/shorewall/common.def b/Lrp/etc/shorewall/common.def
new file mode 100644
index 000000000..e070a3101
--- /dev/null
+++ b/Lrp/etc/shorewall/common.def
@@ -0,0 +1,47 @@
+############################################################################
+# Shorewall 1.3 -- /etc/shorewall/common.def
+#
+# This file defines the rules that are applied before a policy of
+# DROP or REJECT is applied. In addition to the rules defined in this file,
+# the firewall will also define a DROP rule for each subnet broadcast
+# address defined in /etc/shorewall/interfaces (including "detect").
+#
+# Do not modify this file -- if you wish to change these rules, create
+# /etc/shorewall/common to replace it. It is suggested that you include
+# the command "source /etc/shorewall/common.def" in your
+# /etc/shorewall/common file so that you will continue to get the
+# advantage of new releases of this file.
+#
+run_iptables -A common -p icmp -j icmpdef
+############################################################################
+# Drop invalid state TCP packets
+#
+run_iptables -A common -m state -p tcp --state INVALID -j DROP
+############################################################################
+# accept ACKs and RSTs that aren't related to any session so that the
+# protocol stack can handle them and so the ACKs can create connection
+# tracking entries. 
+#
+run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT
+run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT
+############################################################################
+# NETBIOS chatter
+#
+run_iptables -A common -p udp --dport 137:139 -j REJECT
+run_iptables -A common -p udp --dport 445 -j REJECT
+run_iptables -A common -p tcp --dport 135 -j reject
+############################################################################
+# UPnP
+#
+run_iptables -A common -p udp --dport 1900 -j DROP
+############################################################################
+# BROADCASTS
+#
+run_iptables -A common -d 255.255.255.255 -j DROP
+run_iptables -A common -d 224.0.0.0/4 -j DROP
+############################################################################
+# AUTH -- Silently reject it so that connections don't get delayed.
+#
+run_iptables -A common -p tcp --dport 113 -j reject
+
+
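Review bot: `run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT` (and the RST line after it) accepts every TCP segment with the ACK bit set that reaches the common chain, and since the header says this chain is consulted just before a zone pair's DROP/REJECT policy, any segment an attacker marks ACK — ACK-flag scans, unsolicited ACK/PSH data — gets past the policy and is left to the host stack to refuse. The INVALID drop two lines earlier does not help if conntrack's loose TCP tracking (the Linux default, as far as I can tell) classifies a bare out-of-session ACK as NEW rather than INVALID, which is presumably exactly what the comment means by letting ACKs "create connection tracking entries". If mid-stream pickup after a firewall restart is not a hard requirement, I would rather drop non-SYN segments that belong to no tracked connection, e.g. `run_iptables -A common -p tcp ! --syn -m state --state NEW -j DROP` in place of the two ACCEPT lines, assuming ESTABLISHED/RELATED traffic is already accepted before the common chain is reached; otherwise the header comment should spell out that anything with ACK set bypasses the policy, so anyone overriding this file via /etc/shorewall/common knows what they inherit. Separately, the NETBIOS rules mix `-j REJECT` (the netfilter target) with `-j reject` on TCP 135 and 113; `reject` is not defined in this hunk, so I assume it is a Shorewall helper chain that answers TCP with a reset, and it would be clearer to use one form throughout and say which in a comment.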