Provided by: shorewall6_4.4.6-1_all bug

NAME

       blacklist - shorewall6 Blacklist file

SYNOPSIS

       /etc/shorewall6/blacklist

DESCRIPTION

       The blacklist file is used to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}
           Host address, network address, MAC address, IP address range (if
           your kernel and ip6tables contain iprange match support) or ipset
           name prefaced by "+" (if your kernel supports ipset match).

           MAC addresses must be prefixed with "~" and use "-" as a separator.

           Example: ~00-A0-C9-15-39-78

           A dash ("-") in this column means that any source address will
           match. This is useful if you want to blacklist a particular
           application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) - {-|protocol-number|protocol-name}
           If specified, must be a protocol number or a protocol name from
           protocols(5).

       PORTS (Optional) - {-|port-name-or-number[,port-name-or-number]...}
           May only be specified if the protocol is TCP (6) or UDP (17). A
           comma-separated list of destination port numbers or service names
           from services(5).

       When a packet arrives on an interface that has the blacklist option
       specified in shorewall6-interfaces[1](5), its source IP address and MAC
       address is checked against this file and disposed of according to the
       BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
       shorewall6.conf[2](5). If PROTOCOL or PROTOCOL and PORTS are supplied,
       only packets matching the protocol (and one of the ports if PORTS
       supplied) are blocked.

EXAMPLE

       Example 1:
           To block DNS queries from address fe80::2a0:ccff:fedb:31c4:

                       #ADDRESS/SUBNET            PROTOCOL        PORT
                       fe80::2a0:ccff:fedb:31c4/  udp             53

       Example 2:
           To block some of the nuisance applications:

                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       -                       udp             1024:1033,1434
                       -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

       /etc/shorewall6/blacklist

SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
       shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
       shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
       shorewall6-route_rules(5), shorewall6-routestopped(5),
       shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
       shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

        1. shorewall6-interfaces
           shorewall-interfaces.html

        2. shorewall6.conf
           shorewall.conf.html

                                  01/14/2010            SHOREWALL6-BLACKLIS(5)