2004-01-31 17:11:22 +01:00
|
|
|
#
|
2004-07-21 22:55:47 +02:00
|
|
|
# Shorewall 2.1 -- Blacklist File
|
2004-01-31 17:11:22 +01:00
|
|
|
#
|
|
|
|
# /etc/shorewall/blacklist
|
|
|
|
#
|
|
|
|
# This file contains a list of IP addresses, MAC addresses and/or subnetworks.
|
|
|
|
#
|
|
|
|
# Columns are:
|
|
|
|
#
|
2004-09-08 20:46:57 +02:00
|
|
|
# ADDRESS/SUBNET - Host address, subnetwork, MAC address or IP address
|
|
|
|
# range (if your kernel and iptables contain iprange
|
|
|
|
# match support).
|
2004-01-31 17:11:22 +01:00
|
|
|
#
|
|
|
|
# MAC addresses must be prefixed with "~" and use "-"
|
|
|
|
# as a separator.
|
|
|
|
#
|
|
|
|
# Example: ~00-A0-C9-15-39-78
|
|
|
|
#
|
|
|
|
# PROTOCOL - Optional. If specified, must be a protocol number
|
|
|
|
# or a protocol name from /etc/protocols.
|
|
|
|
#
|
|
|
|
# PORTS - Optional. May only be specified if the protocol
|
|
|
|
# is TCP (6) or UDP (17). A comma-separated list
|
|
|
|
# of port numbers or service names from /etc/services.
|
|
|
|
#
|
|
|
|
# When a packet arrives on in interface that has the 'blacklist' option
|
|
|
|
# specified, its source IP address is checked against this file and disposed of
|
|
|
|
# according to the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
|
|
|
|
# /etc/shorewall/shorewall.conf
|
|
|
|
#
|
|
|
|
# If PROTOCOL or PROTOCOL and PORTS are supplied, only packets matching
|
|
|
|
# the protocol (and one of the ports if PORTS supplied) are blocked.
|
|
|
|
#
|
|
|
|
# Example:
|
|
|
|
#
|
|
|
|
# To block DNS queries from address 192.0.2.126:
|
|
|
|
#
|
|
|
|
# ADDRESS/SUBNET PROTOCOL PORT
|
|
|
|
# 192.0.2.126 udp 53
|
|
|
|
#
|
|
|
|
###############################################################################
|
|
|
|
#ADDRESS/SUBNET PROTOCOL PORT
|
|
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
|
|
|
|
|
|
|
|