Make DropDNSrep an inline action

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 11:21:56 -08:00 · 2017-02-06 11:21:56 -08:00 · 8bc70674f3
commit 8bc70674f3
parent cecb8a1950
3 changed files with 11 additions and 12 deletions
--- a/Shorewall/Actions/action.DropDNSrep
+++ b/Shorewall/Actions/action.DropDNSrep
@ -0,0 +1,10 @@
+#
+# Shorewall -- /usr/share/shorewall/action.DropDNSrep
+#
+# This macro silently drops DNS UDP replies that are in the New state
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
+
+DEFAULTS DROP
+@1	-	-	udp	-	53 { comment="Late DNS Replies" }
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@ -1,12 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/macro.DropDNSrep
-#
-# This macro silently drops DNS UDP replies
-#
-###############################################################################
-#ACTION	SOURCE	DEST	PROTO	DPORT	SPORT	ORIGDEST	RATE	USER
-
-?COMMENT Late DNS Replies
-
-DEFAULT DROP
-PARAM	-	-	udp	-	53
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@ -31,6 +31,7 @@ Broadcast    noinline,audit	# Handles Broadcast/Multicast/Anycast
 DNSAmp				# Matches one-question recursive DNS queries
 Drop				# Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
+DropDNSrep   inline		# Drops DNS replies
 DropSmurfs   noinline		# Drop smurf packets
 Established  inline,\		# Handles packets in the ESTABLISHED state
 	     state=ESTABLISHED	#