Provided by: shorewall_4.4.6-1_all bug


       exclusion - Exclude a set of hosts from a definition in a shorewall
       configuration file.




       Exclusion is used when you wish to exclude one or more addresses from a
       definition. An exclaimation point is followed by a comma-separated list
       of addresses. The addresses may be single host addresses (e.g., or they may be network addresses in CIDR format (e.g., If your kernel and iptables include iprange support,
       you may also specify ranges of ip addresses of the form

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges.
       In that case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.


       Example 1 - All IPv4 addresses except

       Example 2 - All IPv4 addresses except the network and
       the host

       Example 3 - All IPv4 addresses except the range and the network

       Example 4 - The network except hosts and







       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

                                  01/14/2010            SHOREWALL-EXCLUSION(5)