Rework blacklisting

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep
2010-09-06 15:29:20 -07:00
parent c6f58ba924
commit f3255cd83a
8 changed files with 242 additions and 44 deletions

@@ -94,6 +94,38 @@
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
</note>
<note>
<para>Beginning with Shorewall 4.4.13, entries specifying
<emphasis role="bold">to</emphasis> are applied to traffic based
on the <emphasis role="bold">blacklist</emphasis> setting in
<ulink
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).</para>
<orderedlist>
<listitem>
<para>Input blacklisting (default if no value given). Traffic
entering this interface are passed against the entries in
<ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">from</emphasis> option
(specified or defaulted). Traffic originating on the firewall
and leaving by this interface is passed against the entries in
<ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">to</emphasis>
option.</para>
</listitem>
<listitem>
<para>Output blacklisting. Traffic entering on this interface
is passed against the entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">to</emphasis>
option.</para>
</listitem>
</orderedlist>
</note>
</listitem>
</varlistentry>
</variablelist>
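
Review bot: Both list items in the new note say "this interface", but the note only points the reader to shorewall6-interfaces(5) for the blacklist setting, so on this page the phrase has no antecedent. Suggest wording such as "an interface whose blacklist option is set to this value". The ordered list also never states which option value each item corresponds to; the reader has to infer it from the rendered item numbers, so spelling the value out in each item would be safer. Item 2 is titled "Output blacklisting" yet describes "Traffic entering on this interface"; if that direction is intended, a sentence saying why it counts as output would prevent misconfiguration. Minor: "Traffic entering this interface are passed" should read "is passed".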

@@ -115,13 +115,36 @@ loc eth2 -</programlisting>
<variablelist>
<varlistentry>
<term><emphasis role="bold">blacklist</emphasis></term>
<term><emphasis
role="bold">blacklist[=<replaceable>value</replaceable>]</emphasis></term>
<listitem>
<para>Check packets arriving on this interface against the
<ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
file.</para>
<para>The value may be specified when running Shorewall 4.4.13
or later and can have a value in the range 1-2</para>
<orderedlist>
<listitem>
<para>Input blacklisting (default if no value given).
Traffic entering this interface are passed against the
entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">from</emphasis> option
(specified or defaulted). Traffic originating on the
firewall and leaving by this interface is passed against
the entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">to</emphasis>
option.</para>
</listitem>
<listitem>
<para>Output blacklisting. Traffic entering on this
interface is passed against the entries in <ulink
url="shorewall6-blacklist.html">shorewall6-blacklist</ulink>(5)
that have the <emphasis role="bold">to</emphasis>
option.</para>
</listitem>
</orderedlist>
</listitem>
</varlistentry>
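
Review bot: The paragraph "can have a value in the range 1-2" relies on the ordered list's automatic numbering to tell the reader that 1 means input and 2 means output blacklisting; if the list style or item order ever changes, the documented meaning changes with it. Suggest stating the value in each item (or using a variablelist keyed by value), and adding the missing full stop after "1-2". The description "Check packets arriving on this interface" appears in the hunk alongside item 1, which also covers traffic originating on the firewall and leaving by the interface; if that sentence is kept, it should be widened to match. Item 2 has the same "Output blacklisting" versus "Traffic entering on this interface" wording as the other page and would benefit from one clarifying sentence, and "Traffic entering this interface are passed" should be "is passed".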