Provided by: shorewall-common_4.0.12-1_all bug


       exclusion  -  Exclude  a  set of hosts from a definition in a shorewall
       configuration file.


       ! address-or-range[, address-or-range] ...


       Exclusion is used when you wish to exclude one or more addresses from a
       definition. An exclaimation point is followed by a comma-separated list
       of addresses.  The  addresses  may  be  single  host  addresses  (e.g.,  or  they  may  be network addresses in CIDR format (e.g., If your kernel and iptables include  iprange  support,
       you  may  also  specify  ranges of ip addresses of the form lowaddress-

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or  address  ranges.
       In  that  case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.


       Example 1 - All IPv4 addresses except

       Example 2 - All IPv4 addresses except the  network  and
       the host

       Example    3    -    All    IPv4    addresses    except    the    range and the network

       Example 4 - The network  except  hosts  and







       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5),  shorewall-hosts(5),  shorewall-interfaces(5), shorewall-
       ipsec(5),  shorewall-maclist(5),  shorewall-masq(5),  shorewall-nat(5),
       shorewall-netmap(5),      shorewall-params(5),     shorewall-policy(5),
       shorewall-providers(5),        shorewall-proxyarp(5),        shorewall-
       route_rules(5),      shorewall-routestopped(5),     shorewall-rules(5),
       shorewall.conf(5),   shorewall-tcclasses(5),    shorewall-tcdevices(5),
       shorewall-tcrules(5),      shorewall-tos(5),      shorewall-tunnels(5),

                                 24 June 2008           shorewall-exclusion(5)