Provided by: shorewall-common_4.0.12-1_all
exclusion - Exclude a set of hosts from a definition in a shorewall
! address-or-range[, address-or-range] ...
Exclusion is used when you wish to exclude one or more addresses from a
definition. An exclaimation point is followed by a comma-separated list
of addresses. The addresses may be single host addresses (e.g.,
192.168.1.4) or they may be network addresses in CIDR format (e.g.,
192.168.1.0/24). If your kernel and iptables include iprange support,
you may also specify ranges of ip addresses of the form lowaddress-
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges.
In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Example 1 - All IPv4 addresses except 192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and
the host 10.2.3.4
Example 3 - All IPv4 addresses except the range
192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-
route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
24 June 2008 shorewall-exclusion(5)