forked from extern/shorewall_code
70a395892f
- Add the 'section' action option Signed-off-by: Tom Eastep <teastep@shorewall.net>
#
# Shorewall version 5 - Actions.std File
#
# /usr/share/shorewall/actions.std
#
# Please see http://shorewall.net/Actions.html for additional
# information.
#
# Builtin Actions are:
#
?if 0
allowBcast # Silently Allow Broadcast/multicast
dropBcast # Silently Drop Broadcast/multicast
dropNotSyn # Silently Drop Non-syn TCP packets
rejNotSyn # Silently Reject Non-syn TCP packets
allowinUPnP # Allow UPnP inbound (to firewall) traffic
forwardUPnP # Allow traffic that upnpd has redirected from 'upnp' interfaces.
Limit # Limit the rate of connections from each individual IP address
?endif
###############################################################################
#ACTION
A_Drop # Audited Default Action for DROP policy
A_REJECT noinline,logjump # Audits then rejects a connection request
A_REJECT! inline # Audits then rejects a connection request
A_Reject # Audited Default action for REJECT policy
# NOTE(review): conntrack marks a packet INVALID when it cannot associate it
# with a valid connection; accepting such packets should be a deliberate,
# narrowly scoped choice.
allowInvalid inline # Accepts packets in the INVALID conntrack state
AutoBL noinline # Auto-blacklist IPs that exceed thresholds
AutoBLL noinline # Helper for AutoBL
BLACKLIST logjump,section # Add sender to the dynamic blacklist
Broadcast noinline,audit # Handles Broadcast/Multicast/Anycast
DNSAmp # Matches one-question recursive DNS queries
Drop # Default Action for DROP policy
dropInvalid inline # Drops packets in the INVALID conntrack state
DropSmurfs noinline # Drop smurf packets
Established inline,\ # Handles packets in the ESTABLISHED state
state=ESTABLISHED #
GlusterFS inline # Handles GlusterFS
IfEvent noinline # Perform an action based on an event
Invalid inline,audit,\ # Handles packets in the INVALID conntrack state
state=INVALID #
New inline,state=NEW # Handles packets in the NEW conntrack state
NotSyn inline,audit # Handles TCP packets which do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy
Related inline,\ # Handles packets in the RELATED conntrack state
state=RELATED #
ResetEvent inline # Reset an Event
RST inline,audit # Handle packets with RST set
SetEvent inline # Initialize an event
TCPFlags # Handle bad flag combinations.
Untracked inline,\ # Handles packets in the UNTRACKED conntrack state
state=UNTRACKED #