shorewall-blacklist (5) - Linux Man Pages

shorewall-blacklist: Shorewall Blacklist file

NAME

blacklist - Shorewall Blacklist file

SYNOPSIS

/etc/shorewall/blacklist

DESCRIPTION

The blacklist file is used to perform static blacklisting. You can blacklist by source address (IP or MAC), or by application.

The columns in the file are as follows.

ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}

Host address, network address, MAC address, IP address range (if your kernel and iptables contain iprange match support) or ipset name prefaced by "+" (if your kernel supports ipset match).

MAC addresses must be prefixed with "~" and use "-" as a separator.

Example: ~00-A0-C9-15-39-78

A dash ("-") in this column means that any source address will match. This is useful if you want to blacklist a particular application using entries in the PROTOCOL and PORTS columns.

PROTOCOL (Optional) - {-|[!]protocol-number|[!]protocol-name}

If specified, must be a protocol number or a protocol name from protocols(5).

PORTS (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...}

May only be specified if the protocol is TCP (6) or UDP (17). A comma-separated list of destination port numbers or service names from services(5).

When a packet arrives on an interface that has the blacklist option specified in shorewall-interfaces[1](5), its source IP address and MAC address is checked against this file and disposed of according to the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in shorewall.conf[2](5). If PROTOCOL or PROTOCOL and PORTS are supplied, only packets matching the protocol (and one of the ports if PORTS supplied) are blocked.

EXAMPLE

Example 1:

To block DNS queries from address 192.0.2.126:

        #ADDRESS/SUBNET         PROTOCOL        PORT
        192.0.2.126             udp             53

Example 2:

To block some of the nuisance applications:

        #ADDRESS/SUBNET         PROTOCOL        PORT
        -                       udp             1024:1033,1434
        -                       tcp             57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

/etc/shorewall/blacklist

NOTES

1.
shorewall-interfaces
shorewall-interfaces.html
2.
shorewall.conf
shorewall.conf.html