Provided by: shorewall_4.5.21.6-1_all bug

NAME
       blacklist - Shorewall Blacklist file


SYNOPSIS

       /etc/shorewall/blacklist


DESCRIPTION
       The blacklist file is used to perform static blacklisting by source address (IP or MAC), or by
       application. The use of this file is deprecated and beginning with Shorewall 4.5.7, the file is no longer
       installed.

       The columns in the file are as follows (where the column name is followed by a different name in
       parentheses, the different name is used in the alternate specification syntax).

       ADDRESS/SUBNET (networks) - {-|~mac-address|ip-address|address-range|+ipset}
           Host address, network address, MAC address, IP address range (if your kernel and iptables contain
           iprange match support) or ipset name prefaced by "+" (if your kernel supports ipset match). Exclusion
           (shorewall-exclusion[1](5)) is supported.

           MAC addresses must be prefixed with "~" and use "-" as a separator.

           Example: ~00-A0-C9-15-39-78

           A dash ("-") in this column means that any source address will match. This is useful if you want to
           blacklist a particular application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (proto) - {-|[!]protocol-number|[!]protocol-name}
           Optional - If specified, must be a protocol number or a protocol name from protocols(5).

       PORTS - {-|[!]port-name-or-number[,port-name-or-number]...}
           Optional - may only be specified if the protocol is TCP (6) or UDP (17). A comma-separated list of
           destination port numbers or service names from services(5).

       OPTIONS - {-|{dst|src|whitelist|audit}[,...]}
           Optional - added in 4.4.12. If specified, indicates whether traffic from ADDRESS/SUBNET (src) or
           traffic to ADDRESS/SUBNET (dst) should be blacklisted. The default is src. If the ADDRESS/SUBNET
           column is empty, then this column has no effect on the generated rule.

               Note
               In Shorewall 4.4.12, the keywords from and to were used in place of src and dst respectively.
               Blacklisting was still restricted to traffic arriving on an interface that has the 'blacklist'
               option set. So to block traffic from your local network to an internet host, you had to specify
               blacklist on your internal interface in shorewall-interfaces[2] (5).

               Note
               Beginning with Shorewall 4.4.13, entries are applied based on the blacklist setting in
               shorewall-zones[3](5):

                1. 'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic from this zone is passed against the
                   entries in this file that have the src option (specified or defaulted).

                2. 'blacklist' in the OPTIONS or OUT_OPTIONS column. Traffic to this zone is passed against the
                   entries in this file that have the dst option.
           In Shorewall 4.4.20, the whitelist option was added. When whitelist is specified, packets/connections
           that match the entry are not matched against the remaining entries in the file.

           The audit option was also added in 4.4.20 and causes packets matching the entry to be audited. The
           audit option may not be specified in whitelist entries and require AUDIT_TARGET support in the kernel
           and iptables.


EXAMPLE
       Example 1:
           To block DNS queries from address 192.0.2.126:

                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       192.0.2.126             udp             53

       Example 2:
           To block some of the nuisance applications:

                       #ADDRESS/SUBNET         PROTOCOL        PORT
                       -                       udp             1024:1033,1434
                       -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898


FILES
       /etc/shorewall/blacklist


SEE ALSO
       http://shorewall.net/blacklisting_support.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
       shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)


NOTES
        1. shorewall-exclusion
           http://www.shorewall.netshorewall-exclusion.html

        2. shorewall-interfaces
           http://www.shorewall.netshorewall-interfaces.html

        3. shorewall-zones
           http://www.shorewall.netshorewall-zones.html

[FIXME: source]                                    01/30/2014                             SHOREWALL-BLACKLIST(5)