Provided by: shorewall-common_4.0.6-1_all

NAME

       blacklist - Shorewall Blacklist file

SYNOPSIS

       /etc/shorewall/blacklist

DESCRIPTION

       The  blacklist  file  is  used  to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET — {-|~mac-address|ip-address|address-range|+ipset}
              Host address, network address, MAC address, IP address range (if
              your kernel and iptables contain iprange match support) or ipset
              name prefaced by "+" (if your kernel supports ipset match).

              MAC addresses must be  prefixed  with  "~"  and  use  "-"  as  a
              separator.

              Example: ~00-A0-C9-15-39-78

              A  dash  ("-") in this column means that any source address will
              match. This is useful if you  want  to  blacklist  a  particular
              application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) — {-|protocol-number|protocol-name}
              If  specified, must be a protocol number or a protocol name from
              protocols(5).

       PORTS (Optional) — {-|port-name-or-number[,port-name-or-number]...}
              May only be specified if the protocol is TCP (6) or UDP (17).  A
              comma-separated  list  of  destination  port  numbers or service
              names from services(5).

       When a packet arrives on an interface that  has  the  blacklist  option
       specified  in  shorewall-interfaces(5),  its source IP address and MAC
       address are checked against this file and the packet  is  disposed  of
       according  to  the  BLACKLIST_DISPOSITION  and  BLACKLIST_LOGLEVEL set-
       tings in shorewall.conf(5). If PROTOCOL, or PROTOCOL  and  PORTS,  are
       supplied,  only packets matching that protocol (and one of the listed
       ports, if PORTS is supplied) are blocked; an entry with  "-"  in  both
       ADDRESS/SUBNET and PROTOCOL matches every packet on the interface.
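
       The following is an added example, not part of the original man  page
       and  not  Shorewall's  own  compiler:  a  small Python linter that checks
       a blacklist file against the column rules above (MAC syntax, PORTS  only
       with  tcp/udp,  an  all-"-"  entry  that  would block everything) and
       prints an approximate iptables equivalent of each entry. The sample file
       is  constructed  here;  the chain name "blacklst", the DROP target and
       the 15-port multiport limit are assumptions standing in  for  what  the
       real   compiler   derives   from   BLACKLIST_DISPOSITION  and  the  host's
       iptables.

```python
"""Lint a Shorewall 4.0 blacklist file against the column rules described
above and print an approximate iptables equivalent of each entry."""

import re

# Constructed sample file (not from a real host) exercising every documented
# ADDRESS/SUBNET form plus two entries that break the rules.
SAMPLE = """\
#ADDRESS/SUBNET         PROTOCOL        PORTS
192.0.2.126             udp             53
~00-A0-C9-15-39-78
198.51.100.0/24         -               -
192.0.2.10-192.0.2.20   tcp             22,23
+badhosts
-                       tcp             1433,1434
10.0.0.1                udp             http
-                       icmp            8      # PORTS given for a non-TCP/UDP protocol
-                       -               -      # matches every packet on the interface
"""

MAC_RE = re.compile(r"^~([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")
IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$")
RANGE_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}-(\d{1,3}\.){3}\d{1,3}$")
PORT_RE = re.compile(r"^([A-Za-z][\w.-]*|\d{1,5}(:\d{1,5})?)$")
PROTO_RE = re.compile(r"^[A-Za-z][\w-]*$")
TCP_UDP = {"tcp", "6", "udp", "17"}

# Assumptions: chain name and target stand in for what Shorewall's compiler
# derives from BLACKLIST_DISPOSITION in shorewall.conf.
CHAIN = "blacklst"
DISPOSITION = "DROP"
MULTIPORT_MAX = 15  # iptables multiport accepts at most 15 ports per rule


def address_match(addr):
    """Translate the ADDRESS/SUBNET column into an iptables source match."""
    if addr == "-":
        return ""                                       # any source address
    if addr.startswith("~"):
        if not MAC_RE.match(addr):
            raise ValueError("bad MAC %r (expected ~xx-xx-xx-xx-xx-xx)" % addr)
        return "-m mac --mac-source " + addr[1:].replace("-", ":")
    if addr.startswith("+"):
        return "-m set --match-set %s src" % addr[1:]   # needs ipset match
    if RANGE_RE.match(addr):
        return "-m iprange --src-range " + addr         # needs iprange match
    if IPV4_RE.match(addr):
        return "-s " + addr
    raise ValueError("unrecognised ADDRESS/SUBNET %r" % addr)


def parse_entry(line):
    """Return the iptables rule for one entry, None for blank/comment lines,
    or raise ValueError when the entry violates a documented rule."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) > 3:
        raise ValueError("more than three columns: %r" % line)
    addr, proto, ports = (fields + ["-", "-"])[:3]

    if proto != "-" and not (proto.isdigit() and int(proto) < 256) \
            and not PROTO_RE.match(proto):
        raise ValueError("bad PROTOCOL %r" % proto)
    if ports != "-":
        if proto.lower() not in TCP_UDP:
            raise ValueError("PORTS given but PROTOCOL %r is not tcp/udp" % proto)
        items = ports.split(",")
        bad = [p for p in items if not PORT_RE.match(p)]
        if bad:
            raise ValueError("bad PORTS entries %r" % bad)
        if len(items) > MULTIPORT_MAX:
            raise ValueError("more than %d ports in one entry" % MULTIPORT_MAX)
    if addr == "-" and proto == "-":
        raise ValueError("entry would blacklist all traffic: %r" % line)

    parts = ["iptables -A " + CHAIN, address_match(addr)]
    if proto != "-":
        parts.append("-p " + proto)
    if ports != "-":
        parts.append("-m multiport --dports " + ports)
    parts.append("-j " + DISPOSITION)
    return " ".join(p for p in parts if p)


def lint(text):
    """Return (rules, errors) for a whole blacklist file."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            rule = parse_entry(line)
        except ValueError as exc:
            errors.append("line %d: %s" % (lineno, exc))
            continue
        if rule:
            rules.append(rule)
    return rules, errors


if __name__ == "__main__":
    rules, errors = lint(SAMPLE)
    print("\n".join(rules))
    for err in errors:
        print("ERROR", err)
```

       Running it on the sample flags the icmp entry with  a  PORTS  value  and
       the  all-"-"  entry,  and  prints  seven rules for the valid lines. The
       MAC, iprange and ipset matches each depend on kernel/iptables  support,
       as noted in the ADDRESS/SUBNET description.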

EXAMPLE

       Example 1:
              To block DNS queries from address 192.0.2.126:

                       #ADDRESS/SUBNET         PROTOCOL        PORTS
                      192.0.2.126             udp             53

       Example 2:
              To block some of the nuisance applications:

                       #ADDRESS/SUBNET         PROTOCOL        PORTS
                      -                       udp             1024:1033,1434
                      -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

       /etc/shorewall/blacklist

SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       shorewall(8),  shorewall-accounting(5),  shorewall-actions(5), shorewall-
       hosts(5),   shorewall-interfaces(5),   shorewall-ipsec(5),   shorewall-
       maclist(5),  shorewall-masq(5),  shorewall-nat(5), shorewall-netmap(5),
       shorewall-params(5),    shorewall-policy(5),    shorewall-providers(5),
       shorewall-proxyarp(5),       shorewall-route_routes(5),      shorewall-
       routestopped(5),  shorewall-rules(5),   shorewall.conf(5),   shorewall-
       tcclasses(5),  shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
       tos(5), shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007         shorewall-blacklist(5)