#
# Shorewall version 5 - Actions.std File
#
# /usr/share/shorewall/actions.std
#
#	Please see http://shorewall.net/Actions.html for additional
#	information.
#
###############################################################################
#ACTION
A_AllowICMPs inline		# Audited version of AllowICMPs
A_Drop				# Audited Default Action for DROP policy
A_REJECT     noinline,logjump	# Audits then rejects a connection request
A_REJECT!    inline		# Audits then rejects a connection request
A_Reject			# Audited Default action for REJECT policy
AllowICMPs   inline		# Allow Required ICMP packets
allowBcast   inline		# Silently Allow Broadcast
allowinUPnP  inline		# Allow UPnP inbound (to firewall) traffic
allowInvalid inline		# Accepts packets in the INVALID conntrack state
allowMcast   inline		# Silently Allow Multicast
AutoBL	     noinline		# Auto-blacklist IPs that exceed thesholds
AutoBLL	     noinline		# Helper for AutoBL
BLACKLIST    logjump,section	# Add sender to the dynamic blacklist
Broadcast    noinline,audit	# Handles Broadcast/Anycast
DNSAmp				# Matches one-question recursive DNS queries
Drop				# Default Action for DROP policy (deprecated)
dropBcast    inline		# Silently Drop Broadcast
dropBcasts    inline		# Silently Drop Broadcast
dropInvalid  inline		# Drops packets in the INVALID conntrack state
dropMcast    inline		# Silently Drop Multicast
dropNotSyn   noinline		# Silently Drop Non-syn TCP packets
DropDNSrep   inline		# Drops DNS replies
DropSmurfs   noinline		# Drop smurf packets
Established  inline,\		# Handles packets in the ESTABLISHED state
	     state=ESTABLISHED	#
FIN	     inline,audit	# Handles ACK,FIN,PSH packets
forwardUPnP  noinline		# Allow traffic that upnpd has redirected from 'upnp' interfaces.
GlusterFS    inline		# Handles GlusterFS
IfEvent	     noinline		# Perform an action based on an event
Invalid	     inline,audit,\	# Handles packets in the INVALID conntrack state
	     state=INVALID	#
Limit	     noinline		# Limit the rate of connections from each individual IP address
Multicast    noinline,audit	# Handles Multicast
New	     inline,state=NEW	# Handles packets in the NEW conntrack state
NotSyn	     inline,audit	# Handles TCP packets which do not have SYN=1 and ACK=0
rejNotSyn    noinline		# Silently Reject Non-syn TCP packets
Reject				# Default Action for REJECT policy (deprecated)
Related	     inline,\		# Handles packets in the RELATED conntrack state
	     state=RELATED	#
ResetEvent   inline		# Reset an Event
RST	     inline,audit	# Handle packets with RST set
SetEvent     inline		# Initialize an event
TCPFlags			# Handle bad flag combinations.
Untracked    inline,\		# Handles packets in the UNTRACKED conntrack state
	     state=UNTRACKED	#