diff --git a/Shorewall2/action.AllowAuth b/Shorewall2/action.AllowAuth
index 1ff2522b5..78bdc1266 100644
--- a/Shorewall2/action.AllowAuth
+++ b/Shorewall2/action.AllowAuth
@@ -4,7 +4,7 @@
 # This action accepts Auth (identd) traffic.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 113
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowDNS b/Shorewall2/action.AllowDNS
index 592b5b2b8..2ac6a72ce 100644
--- a/Shorewall2/action.AllowDNS
+++ b/Shorewall2/action.AllowDNS
@@ -4,8 +4,8 @@
 # This action accepts DNS traffic.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - udp 53
 ACCEPT - - tcp 53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowIMAP b/Shorewall2/action.AllowIMAP
index 07975db41..333bdf779 100644
--- a/Shorewall2/action.AllowIMAP
+++ b/Shorewall2/action.AllowIMAP
@@ -4,8 +4,8 @@
 # This action accepts IMAP traffic (secure and insecure):
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 143 #Unsecure IMAP
 ACCEPT - - tcp 993 #Secure IMAP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowNNTP b/Shorewall2/action.AllowNNTP
index 7ec263785..f4b745cfe 100644
--- a/Shorewall2/action.AllowNNTP
+++ b/Shorewall2/action.AllowNNTP
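Review bot: The heading rewritten in the action.AllowAuth hunk (and identically in every other hunk of this commit) moves RATE LIMIT from the eighth field to the seventh and puts USER/GROUP in the eighth, but nothing visible here tells an administrator what happens to entries written against the old heading. The fields are positional, so a locally added rule that carried a rate limit in field eight would presumably be read as a user/group match after the upgrade, which changes what the rule matches; whether the parser ever honoured ORIGINAL DEST in action files is not visible in this diff. I would add a short comment above the heading, for example `# Fields 7-8 are RATE LIMIT and USER/GROUP; review local entries written for the older ORIGINAL DEST layout`, or cover it in the release notes.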
@@ -4,7 +4,7 @@
 # This action accepts NNTP traffic (Usenet).
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 119
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowPing b/Shorewall2/action.AllowPing
index 09bed2b54..f18492201 100644
--- a/Shorewall2/action.AllowPing
+++ b/Shorewall2/action.AllowPing
@@ -4,7 +4,7 @@
 # This action accepts 'ping' requests.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - icmp 8
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowRdate b/Shorewall2/action.AllowRdate
index ae7fbd493..34cb7f75c 100644
--- a/Shorewall2/action.AllowRdate
+++ b/Shorewall2/action.AllowRdate
@@ -4,7 +4,7 @@
 # This action accepts remote time retrieval (rdate).
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 37
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowSMB b/Shorewall2/action.AllowSMB
index 5f455709a..8914eae98 100644
--- a/Shorewall2/action.AllowSMB
+++ b/Shorewall2/action.AllowSMB
@@ -5,8 +5,8 @@
 # both directions.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - udp 135,445
 ACCEPT - - udp 137:139
 ACCEPT - - udp 1024: 137
diff --git a/Shorewall2/action.AllowSMTP b/Shorewall2/action.AllowSMTP
index 489556893..5a802a2d1 100644
--- a/Shorewall2/action.AllowSMTP
+++ b/Shorewall2/action.AllowSMTP
@@ -9,7 +9,7 @@
 # the AllowPOP3 or AllowIMAP actions.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 25
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowSSH b/Shorewall2/action.AllowSSH
index 8aa07a9e6..78e25bba9 100644
--- a/Shorewall2/action.AllowSSH
+++ b/Shorewall2/action.AllowSSH
@@ -4,7 +4,7 @@
 # This action accepts secure shell (SSH) traffic.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 22
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowTrcrt b/Shorewall2/action.AllowTrcrt
index 561d93b2a..04a792539 100644
--- a/Shorewall2/action.AllowTrcrt
+++ b/Shorewall2/action.AllowTrcrt
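Review bot: The last rule visible in the action.AllowSMB hunk, `ACCEPT - - udp 1024: 137`, accepts any UDP datagram to a port of 1024 or above as long as its source port is 137, and the file carries no comment saying so. The source port is chosen by the sender, so the rule is only as narrow as the zones the action is applied between. I would document that next to the rule, for example `# NetBIOS name-service replies; matched on source port only, so apply this action between trusted zones`. The rule list continues past the end of this hunk, so the rest of the action is not visible here.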
@@ -4,8 +4,8 @@
 # This action accepts Traceroute (for up to 20 hops):
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - udp 33434:33454 #UDP Traceroute
 ACCEPT - - icmp 8 #ICMP Traceroute
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowVNC b/Shorewall2/action.AllowVNC
index f12d1c276..423c30c77 100644
--- a/Shorewall2/action.AllowVNC
+++ b/Shorewall2/action.AllowVNC
@@ -4,7 +4,7 @@
 # This action accepts VNC traffic for VNC display's 0 - 9.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 5900:5909
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.AllowWeb b/Shorewall2/action.AllowWeb
index 6ca06c614..f88028b12 100644
--- a/Shorewall2/action.AllowWeb
+++ b/Shorewall2/action.AllowWeb
@@ -4,8 +4,8 @@
 # This action accepts WWW traffic (secure and insecure):
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 ACCEPT - - tcp 80
 ACCEPT - - TCP 443
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.Drop b/Shorewall2/action.Drop
index 1f1696e25..9198b63c4 100644
--- a/Shorewall2/action.Drop
+++ b/Shorewall2/action.Drop
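Review bot: The description at the top of the action.AllowTrcrt hunk mentions only traceroute, yet the second rule, `ACCEPT - - icmp 8`, is the same rule that action.AllowPing consists of, so applying this action also admits ordinary echo requests. An administrator who deliberately leaves AllowPing out would not learn that from the header. I would extend the description, for example `# This action accepts Traceroute (for up to 20 hops); the ICMP rule also accepts 'ping' requests:`.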
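Review bot: The second rule in the action.AllowWeb hunk spells the protocol `TCP`, while every other rule in this commit uses lower case. Whether the rule parser folds case is not visible in this diff, so the safe and consistent spelling is `ACCEPT - - tcp 443`. A trailing comment in the style of action.AllowIMAP (`#Secure WWW`) would also make the "secure and insecure" wording in the header line up with the individual rules.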
@@ -4,8 +4,8 @@
 # The default DROP common rules
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 RejectAuth
 DropBcast
 DropSMB
diff --git a/Shorewall2/action.DropBcast b/Shorewall2/action.DropBcast
index f1105af09..51ecbcae9 100644
--- a/Shorewall2/action.DropBcast
+++ b/Shorewall2/action.DropBcast
@@ -5,6 +5,6 @@
 # built by the extensions script /etc/shorewall/DropBcast
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.DropDNSrep b/Shorewall2/action.DropDNSrep
index 11a7318d8..949e3e655 100644
--- a/Shorewall2/action.DropDNSrep
+++ b/Shorewall2/action.DropDNSrep
@@ -4,7 +4,7 @@
 # This action silently drops DNS UDP replies
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 DROP - - udp - 53
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.DropNonSyn b/Shorewall2/action.DropNonSyn
index a1f775d41..f487f9a54 100644
--- a/Shorewall2/action.DropNonSyn
+++ b/Shorewall2/action.DropNonSyn
@@ -5,6 +5,6 @@
 # /etc/shorewall/DropNotSyn implements this action.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.DropPing b/Shorewall2/action.DropPing
index 9ff143eac..5aba7c207 100644
--- a/Shorewall2/action.DropPing
+++ b/Shorewall2/action.DropPing
@@ -4,7 +4,7 @@
 # This action silently drops 'ping' requests.
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 DROP - - icmp 8
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.DropSMB b/Shorewall2/action.DropSMB
index dfe6f9625..03a9ee15b 100644
--- a/Shorewall2/action.DropSMB
+++ b/Shorewall2/action.DropSMB
@@ -4,8 +4,8 @@
 # This action silently drops Microsoft SMB traffic
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 DROP - - udp 135
 DROP - - udp 137:139
 DROP - - udp 445
diff --git a/Shorewall2/action.DropUPnP b/Shorewall2/action.DropUPnP
index dd04ef293..8ef56119c 100644
--- a/Shorewall2/action.DropUPnP
+++ b/Shorewall2/action.DropUPnP
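Review bot: The first context line of the action.DropNonSyn hunk names the implementing script `/etc/shorewall/DropNotSyn`, while the action file itself is `action.DropNonSyn`; action.DropBcast, by contrast, points at a script with the same name as its action. If the different spelling is a typo, an administrator looking for the script that actually builds this chain will look in the wrong place, so the line should read `# /etc/shorewall/DropNonSyn implements this action.`. If the script really is called DropNotSyn, a word in the comment saying that the names differ on purpose would prevent the same confusion. The header comment starts above the hunk, so the rest of the description is not visible here.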
@@ -4,7 +4,7 @@
 # This action silently drops UPnP probes on UDP port 1900
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 DROP - - udp 1900
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.Reject b/Shorewall2/action.Reject
index 827bd8cc3..a9b473257 100644
--- a/Shorewall2/action.Reject
+++ b/Shorewall2/action.Reject
@@ -4,8 +4,8 @@
 # The default REJECT action common rules
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 RejectAuth
 DropBcast
 RejectSMB
diff --git a/Shorewall2/action.RejectAuth b/Shorewall2/action.RejectAuth
index 0bb7838d2..e3675d5bb 100644
--- a/Shorewall2/action.RejectAuth
+++ b/Shorewall2/action.RejectAuth
@@ -4,7 +4,7 @@
 # This action silently rejects Auth (tcp 113) traffic
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 REJECT - - tcp 113
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/action.RejectSMB b/Shorewall2/action.RejectSMB
index 5ca7c1ee0..db820e5dc 100644
--- a/Shorewall2/action.RejectSMB
+++ b/Shorewall2/action.RejectSMB
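Review bot: The description in the action.RejectAuth hunk says the action "silently rejects" traffic, but a REJECT target answers the sender (a TCP reset for the `tcp 113` rule here), so the only thing that can be silent is the logging. Read next to the Drop* actions, which use "silently drops" for packets that get no answer at all, the wording suggests that nothing is sent back. I would reword it to `# This action rejects Auth (tcp 113) traffic without logging it`, assuming "without logging" is what was meant. The header of action.RejectSMB in the following hunk uses the same phrase and would take the same change.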
@@ -4,8 +4,8 @@
 # This action silently rejects Microsoft SMB traffic
 #
 ######################################################################################
-#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
-# PORT PORT(S) DEST LIMIT
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
 REJECT - - udp 135
 REJECT - - udp 137:139
 REJECT - - udp 445