shorewall-blacklist(5)                                  shorewall-blacklist(5)

NAME

       blacklist - Shorewall Blacklist file


SYNOPSIS

       /etc/shorewall/blacklist


DESCRIPTION

       The blacklist file is used to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET — {-|~mac-address|ip-address|address-range|+ipset}
              Host address, network address, MAC address, IP address range (if
              your kernel and iptables contain iprange match support) or ipset
              name prefaced by "+" (if your kernel supports ipset match).

              MAC addresses must be prefixed with "~" and use "-" as a
              separator.

              Example: ~00-A0-C9-15-39-78

              A dash ("-") in this column means that any source address will
              match. This is useful if you want to blacklist a particular
              application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) — {-|protocol-number|protocol-name}
              If specified, must be a protocol number or a protocol name from
              protocols(5).

       PORTS (Optional) — {-|port-name-or-number[,port-name-or-number]...}
              May only be specified if the protocol is TCP (6) or UDP (17). A
              comma-separated list of destination port numbers or service
              names from services(5).

       When a packet arrives on an interface that has the blacklist option
       specified in shorewall-interfaces(5), its source IP address and MAC
       address are checked against this file and disposed of according to
       the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
       shorewall.conf(5). If PROTOCOL or PROTOCOL and PORTS are supplied,
       only packets matching the protocol (and one of the ports if PORTS is
       supplied) are blocked.


EXAMPLE

       Example 1:
              To block DNS queries from address 192.0.2.126:

                      #ADDRESS/SUBNET         PROTOCOL        PORT
                      192.0.2.126             udp             53

       Example 2:
              To block some of the nuisance applications:

                      #ADDRESS/SUBNET         PROTOCOL        PORT
                      -                       udp             1024:1033,1434
                      -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

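       The column rules described above, turned into a small validator that a
       practitioner can run over a blacklist file before loading it. This is an
       added example, not code from the Shorewall project: the function and
       constant names (parse_address, parse_ports, parse_line, check_blacklist,
       SAMPLE_FILE, BAD_FILE) are its own, the sample files are constructed
       (the page's two examples plus an invented MAC entry, ipset entry and
       three faulty lines), and protocol and service names are only checked
       syntactically rather than looked up in protocols(5) or services(5).

```python
"""Validator for the Shorewall static blacklist file format.  Added example, not
Shorewall project code: it enforces the column rules of shorewall-blacklist(5);
protocol and service names are checked syntactically, not looked up."""
import ipaddress
import re

MAC_RE = re.compile(r"^~[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}$")   # ~00-A0-C9-15-39-78
IPSET_RE = re.compile(r"^\+[A-Za-z0-9_.-]+$")                     # +setname
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.+-]*$")               # protocol/service name
NUMBER_RE = re.compile(r"^\d{1,5}$")
PORTED_PROTOCOLS = {"tcp", "6", "udp", "17"}    # the only protocols that allow PORTS

def parse_address(field):
    """Classify the ADDRESS/SUBNET column; raises ValueError on bad syntax."""
    if field == "-":                                # any source address
        return ("any", None)
    if field.startswith("~"):                       # MAC with "-" separators
        if not MAC_RE.match(field):
            raise ValueError("MAC must look like ~00-A0-C9-15-39-78")
        return ("mac", field[1:].lower())
    if field.startswith("+"):                       # ipset name
        if not IPSET_RE.match(field):
            raise ValueError("bad ipset name %r" % field)
        return ("ipset", field[1:])
    if "-" in field:                                # iprange match: low-high
        lo, hi = (ipaddress.ip_address(p) for p in field.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("bad address range %r" % field)
        return ("range", (str(lo), str(hi)))
    if "/" in field:                                # network address
        return ("subnet", str(ipaddress.ip_network(field, strict=False)))
    return ("host", str(ipaddress.ip_address(field)))  # ValueError if malformed

def parse_ports(field):
    """Expand the comma-separated PORTS column into (low, high) tuples or names."""
    ports = []
    for item in field.split(","):
        lo, sep, hi = item.partition(":")           # "low:high" range or single port
        if not sep:
            hi = lo
        if NUMBER_RE.match(lo) and NUMBER_RE.match(hi):
            lo, hi = int(lo), int(hi)
            if not 0 < lo <= hi <= 65535:
                raise ValueError("bad port or range %r" % item)
            ports.append((lo, hi))
        elif not sep and NAME_RE.match(item):
            ports.append(item)                      # service name from services(5)
        else:
            raise ValueError("bad port %r" % item)
    return ports

def parse_line(line):
    """Parse one line into a dict, or return None for blank and comment lines."""
    cols = line.split("#", 1)[0].split()
    if not cols:
        return None
    if len(cols) > 3:
        raise ValueError("too many columns")
    cols += ["-"] * (3 - len(cols))                 # absent trailing columns mean "-"
    address, protocol, ports = cols
    entry = {"address": parse_address(address), "protocol": None, "ports": []}
    if protocol != "-":
        if not (NUMBER_RE.match(protocol) or NAME_RE.match(protocol)):
            raise ValueError("bad protocol %r" % protocol)
        entry["protocol"] = protocol.lower()
    if ports != "-":                                # PORTS only with TCP (6) or UDP (17)
        if entry["protocol"] not in PORTED_PROTOCOLS:
            raise ValueError("PORTS given but protocol is not TCP (6) or UDP (17)")
        entry["ports"] = parse_ports(ports)
    return entry

def check_blacklist(text):
    """Return (entries, problems): parsed valid lines and one "line N: ..." per bad line."""
    entries, problems = [], []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            problems.append("line %d: %s" % (number, exc))
            continue
        if entry is not None:
            entries.append(entry)
    return entries, problems

# Constructed sample: the page's two examples plus a MAC entry and an ipset entry.
SAMPLE_FILE = """\
#ADDRESS/SUBNET         PROTOCOL        PORT
192.0.2.126             udp             53
-                       udp             1024:1033,1434
-                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
~00-A0-C9-15-39-78
+blocked_hosts
"""
# Constructed sample, one violation per line: ":" in the MAC, PORTS with a
# protocol other than TCP/UDP, and a port number above 65535.
BAD_FILE = """\
~00:A0:C9:15:39:78
192.0.2.0/24            icmp            53
192.0.2.126             tcp             70000
"""
```

       Calling check_blacklist(SAMPLE_FILE) yields five parsed entries and no
       problems; check_blacklist(BAD_FILE) yields no entries and three "line
       N: ..." messages, one per line. The validator stops at syntax: whether
       a service name actually exists in services(5), and whether the kernel
       has iprange or ipset match support, is only known on the firewall
       itself at compile time.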

FILES

       /etc/shorewall/blacklist


SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_routes(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)



                                  19 May 2008           shorewall-blacklist(5)