2
# Shorewall6 version 4 - Audited Drop Action
4
# /usr/share/shorewall6/action.ADrop
6
# The Audited default DROP common rules
8
# This action is invoked before a DROP policy is enforced. The purpose
11
# a) Avoid logging lots of useless cruft.
12
# b) Ensure that 'auth' requests are rejected, even if the policy is
13
# DROP. Otherwise, you may experience problems establishing
14
# connections with servers that use auth.
15
# c) Ensure that certain ICMP packets that are necessary for successful
16
# internet operation are always ACCEPTed.
18
# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON'T HELP!!!!!!!!!
20
###############################################################################
21
#TARGET SOURCE DEST PROTO DPORT SPORT
27
# ACCEPT critical ICMP types
29
A_AllowICMPs - - ipv6-icmp
31
# Drop Broadcasts so they don't clutter up the log
32
# (broadcasts must *not* be rejected).
36
# Drop packets that are in the INVALID state -- these are usually ICMP packets
37
# and just confuse people when they appear in the log.
41
# Drop Microsoft noise so that it doesn't clutter up the log.
45
# Drop 'newnotsyn' traffic so that it doesn't get logged.
47
dropNotSyn(audit) - - tcp
49
# Drop late-arriving DNS replies. These are just a nuisance and clutter up