1shorewall-blacklist(5) shorewall-blacklist(5)
2
3
4
6 blacklist - Shorewall Blacklist file
7
9 /etc/shorewall/blacklist
10
12 The blacklist file is used to perform static blacklisting. You can
13 blacklist by source address (IP or MAC), or by application.
14
15 The columns in the file are as follows.
16
17 ADDRESS/SUBNET — {-|~mac-address|ip-address|address-range|+ipset}
18 Host address, network address, MAC address, IP address range (if
19 your kernel and iptables contain iprange match support) or ipset
20 name prefaced by "+" (if your kernel supports ipset match).
21
22 MAC addresses must be prefixed with "~" and use "-" as a separa‐
23 tor.
24
25 Example: ~00-A0-C9-15-39-78
26
27 A dash ("-") in this column means that any source address will
28 match. This is useful if you want to blacklist a particular ap‐
29 plication using entries in the PROTOCOL and PORTS columns.
30
31 PROTOCOL (Optional) — {-|protocol-number|protocol-name}
32 If specified, must be a protocol number or a protocol name from
33 protocols(5).
34
35 PORTS (Optional) — {-|port-name-or-number[,port-name-or-number]...}
36 May only be specified if the protocol is TCP (6) or UDP (17). A
37 comma-separated list of destination port numbers or service
38 names from services(5).
39
40 When a packet arrives on an interface that has the blacklist option
41 specified in shorewall-interfaces ⟨shorewall-interfaces.html⟩ (5), its
42 source IP address and MAC address is checked against this file and dis‐
43 posed of according to the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
44 variables in shorewall.conf ⟨shorewall.conf.html⟩ (5). If PROTOCOL or
45 PROTOCOL and PORTS are supplied, only packets matching the protocol
46 (and one of the ports if PORTS supplied) are blocked.
47
49 Example 1:
50 To block DNS queries from address 192.0.2.126:
51
52 #ADDRESS/SUBNET PROTOCOL PORT
53 192.0.2.126 udp 53
54
55 Example 2:
56 To block some of the nuisance applications:
57
58 #ADDRESS/SUBNET PROTOCOL PORT
59 - udp 1024:1033,1434
60 - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
61
63 /etc/shorewall/blacklist
64
66 ⟨http://shorewall.net/blacklisting_support.htm⟩
67
68 shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
69 hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-
70 maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
71 shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
72 shorewall-proxyarp(5), shorewall-route_routes(5), shorewall-
73 routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-tc‐
74 classes(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
75 tos(5), shorewall-tunnels(5), shorewall-zones(5)
76
77
78
79 19 May 2008 shorewall-blacklist(5)