Provided by: shorewall_4.4.6-1_all bug

NAME

       blacklist - Shorewall Blacklist file

SYNOPSIS

       /etc/shorewall/blacklist

DESCRIPTION

       The blacklist file is used to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}
           Host address, network address, MAC address, IP address range (if
           your kernel and iptables contain iprange match support) or ipset
           name prefaced by "+" (if your kernel supports ipset match).

           MAC addresses must be prefixed with "~" and use "-" as a separator.

           Example: ~00-A0-C9-15-39-78

           A dash ("-") in this column means that any source address will
           match. This is useful if you want to blacklist a particular
           application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) - {-|[!]protocol-number|[!]protocol-name}
           If specified, must be a protocol number or a protocol name from
           protocols(5).

       PORTS (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...}
           May only be specified if the protocol is TCP (6) or UDP (17). A
           comma-separated list of destination port numbers or service names
           from services(5).

       When a packet arrives on an interface that has the blacklist option
       specified in shorewall-interfaces[1](5), its source IP address and MAC
       address is checked against this file and disposed of according to the
       BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
       shorewall.conf[2](5). If PROTOCOL or PROTOCOL and PORTS are supplied,
       only packets matching the protocol (and one of the ports if PORTS
       supplied) are blocked.

EXAMPLE

       Example 1:
           To block DNS queries from address 192.0.2.126:

                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       192.0.2.126             udp             53

       Example 2:
           To block some of the nuisance applications:

                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       -                       udp             1024:1033,1434
                       -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

       /etc/shorewall/blacklist

SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-interfaces
           shorewall-interfaces.html

        2. shorewall.conf
           shorewall.conf.html

                                  01/14/2010            SHOREWALL-BLACKLIST(5)