Provided by: shorewall_3.4.4-1_all
 

NAME

        blacklist - Shorewall Blacklist file
 

SYNOPSIS

        /etc/shorewall/blacklist
 

DESCRIPTION

        The  blacklist  file  is  used  to perform static blacklisting. You can
        blacklist by source address (IP or MAC), or by application.
 
        The columns in the file are as follows.
 
        ADDRESS/SUBNET — {-|~mac-address|ip-address|address-range|+ipset}
               Host address, network address, MAC address, IP address range (if
               your kernel and iptables contain iprange match support) or ipset
               name prefaced by "+" (if your kernel supports ipset match).
 
               MAC addresses must be prefixed with "~" and use "-" as a separator.
 
               Example: ~00-A0-C9-15-39-78
 
               A  dash  ("-") in this column means that any source address will
               match. This is useful if you  want  to  blacklist  a  particular
               application using entries in the PROTOCOL and PORTS columns.
 
        PROTOCOL (Optional) — {-|protocol-number|protocol-name}
               If  specified, must be a protocol number or a protocol name from
               protocols(5).
 
        PORTS (Optional) — {-|port-name-or-number[,port-name-or-number]...}
               May only be specified if the protocol is TCP (6) or UDP (17).  A
               comma-separated  list  of  destination  port  numbers or service
               names from services(5).
 
        When a packet arrives on an interface that has the blacklist option
        specified in shorewall-interfaces(5), its source IP address and MAC
        address are checked against this file and the packet is disposed of
        according to the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables
        in shorewall.conf(5). If PROTOCOL, or PROTOCOL and PORTS, are supplied,
        only packets matching the protocol (and one of the ports, if PORTS is
        supplied) are blocked.
 

EXAMPLE

        Example 1:
               To block DNS queries from address 192.0.2.126:
 
                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       192.0.2.126             udp             53
 
        Example 2:
               To block some of the nuisance applications:
 
                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       -                       udp             1024:1033,1434
                       -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
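        A small validator for the column rules described above, added here as an
        example and not part of Shorewall itself. It assumes a hand-written subset
        of protocols(5) (a real check would read /etc/protocols) and only classifies
        entries; it does not generate iptables rules.

```python
import ipaddress
import re

# Constructed subset of protocols(5); a full validator would read /etc/protocols.
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}
MAC_RE = re.compile(r"^~[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")  # ~ prefix, - separators
PORT_RE = re.compile(r"^([A-Za-z][\w.-]*|\d+(:\d+)?)$")  # service name, port or low:high


def parse_address(field):
    """Classify the ADDRESS/SUBNET column: -, ~mac, +ipset, address-range or host/network."""
    if field == "-":
        return ("any", None)  # any source; the entry matches on PROTOCOL/PORTS alone
    if field.startswith("~"):
        if not MAC_RE.match(field):
            raise ValueError(f"bad MAC address: {field}")
        return ("mac", field[1:].upper())
    if field.startswith("+"):
        return ("ipset", field[1:])
    if "-" in field:  # address-range (needs iprange match support in the kernel)
        lo, hi = (ipaddress.ip_address(p) for p in field.split("-", 1))
        return ("range", (str(lo), str(hi)))
    return ("net", str(ipaddress.ip_network(field, strict=False)))


def parse_entry(line):
    """Parse one blacklist line: None for blank/comment lines, ValueError if invalid."""
    cols = line.split("#", 1)[0].split()
    if not cols:
        return None
    addr, proto, ports = cols + ["-"] * (3 - len(cols))  # missing columns default to "-"
    proto_num = None
    if proto != "-":
        proto_num = int(proto) if proto.isdigit() else PROTO_NUMBERS.get(proto.lower())
        if proto_num is None:
            raise ValueError(f"unknown protocol: {proto}")
    port_list = []
    if ports != "-":
        if proto_num not in (6, 17):  # PORTS may only be given with TCP or UDP
            raise ValueError("PORTS requires PROTOCOL tcp (6) or udp (17)")
        port_list = ports.split(",")
        if not all(PORT_RE.match(p) for p in port_list):
            raise ValueError(f"bad PORTS list: {ports}")
    return {"address": parse_address(addr), "protocol": proto_num, "ports": port_list}


def rejects(line):
    try:
        parse_entry(line)
    except ValueError:
        return True
    return False
```

        Feeding it the two examples above yields one entry per data line; a line
        such as "192.0.2.1 icmp 53" is rejected because PORTS needs TCP or UDP.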
 

FILES

        /etc/shorewall/blacklist
 

SEE ALSO

        http://shorewall.net/blacklisting_support.htm
 
        shorewall(8), shorewall-accounting(5), shorewall-actions(5),
        shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
        shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
        shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
        shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5),
        shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
        shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
        shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
 
                                  17 June 2007           shorewall-blacklist(5)