Provided by: shorewall-common_4.0.12-1_all

       blacklist - Shorewall Blacklist file

       The  blacklist  file  is  used  to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET — {-|~mac-address|ip-address|address-range|+ipset}
              Host address, network address, MAC address, IP address range (if
              your kernel and iptables contain iprange match support) or ipset
              name prefaced by "+" (if your kernel supports ipset match).

              MAC addresses must be prefixed with "~" and use "-" as a separator.

              Example: ~00-A0-C9-15-39-78

              A  dash  ("-") in this column means that any source address will
              match. This is useful if you  want  to  blacklist  a  particular
              application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) — {-|protocol-number|protocol-name}
              If specified, must be a protocol number or a protocol name from
              protocols(5).

       PORTS (Optional) — {-|port-name-or-number[,port-name-or-number]...}
              May only be specified if the protocol is TCP (6) or UDP (17).  A
              comma-separated  list  of  destination  port  numbers or service
              names from services(5).

       When a packet arrives on an interface that has the blacklist option
       specified in shorewall-interfaces(5), its source IP address and MAC
       address are checked against this file and disposed of according to
       the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
       shorewall.conf(5). If PROTOCOL or PROTOCOL and PORTS are supplied,
       only packets matching the protocol (and one of the ports if PORTS
       supplied) are blacklisted.


       Example 1:
              To block DNS queries from address

                      #ADDRESS/SUBNET         PROTOCOL        PORT
                         udp             53

       Example 2:
              To block some of the nuisance applications:

                      #ADDRESS/SUBNET         PROTOCOL        PORT
                      -                       udp             1024:1033,1434
                      -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
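       An added validator for this file format (example code, not part of
       Shorewall): it parses entries in the column layout above and rejects a
       MAC address without the "~" prefix and "-" separators, a "+" with no
       ipset name, a reversed address range, and a PORTS column given with a
       protocol other than TCP (6) or UDP (17). The entries in SAMPLE are
       constructed; only the port lists in the last two are taken from
       Example 2.

```python
import ipaddress
import re
SAMPLE = """#ADDRESS/SUBNET         PROTOCOL        PORT   (constructed sample, not from the man page)
~00-A0-C9-15-39-78
192.0.2.10-192.0.2.20   -               -
+badhosts               udp             53
-                       tcp             57,1433,1434,2401
-                       udp             1024:1033,1434
"""
TCP_UDP = {"tcp", "6", "udp", "17"}

def check_address(field):
    # "-" (any source), "+ipset", "~mac", low-high range, or host/network address
    if field == "-" or field.startswith("+"):
        return field != "+"
    if field.startswith("~"):  # MAC: "~" prefix, "-" separated octets, no colons
        return bool(re.fullmatch(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}", field[1:]))
    try:
        if "-" in field:  # iprange match: low-high
            lo, hi = field.split("-", 1)
            return ipaddress.ip_address(lo) <= ipaddress.ip_address(hi)
        return ipaddress.ip_network(field, strict=False) is not None
    except (ValueError, TypeError):
        return False

def check_ports(proto, ports):
    # PORTS may only be given when PROTOCOL is TCP (6) or UDP (17)
    if ports == "-":
        return True
    if proto.lower() not in TCP_UDP:
        return False
    for item in ports.split(","):
        lo, sep, hi = item.partition(":")  # "53", a services(5) name, or numeric "1024:1033"
        if not (re.fullmatch(r"[A-Za-z][\w.-]*", item) or
                lo.isdigit() and (hi or lo).isdigit() and int(lo) <= int(hi or lo) <= 65535):
            return False
    return True

def parse_blacklist(text):
    # Returns [(address, protocol, ports)]; raises ValueError on a malformed entry
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()          # comments and blank lines are skipped
        if not cols:
            continue
        addr, proto, ports = (cols + ["-", "-"])[:3]  # optional columns default to "-"
        if len(cols) > 3 or not check_address(addr) or not check_ports(proto, ports):
            raise ValueError(f"line {n}: malformed blacklist entry: {line!r}")
        entries.append((addr, proto, ports))
    return entries
```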



SEE ALSO
       shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5),
       shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5),
       shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
       shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
       shorewall-proxyarp(5), shorewall-route_routes(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                 24 June 2008           shorewall-blacklist(5)