shorewall-blacklist5blacklistShorewall Blacklist file/etc/shorewall/blacklistDescriptionThe blacklist file is used to perform static blacklisting. You can
blacklist by source address (IP or MAC), or by application.The columns in the file are as follows.ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}Host address, network address, MAC address, IP address range
(if your kernel and iptables contain iprange match support) or ipset
name prefaced by "+" (if your kernel supports ipset match).MAC addresses must be prefixed with "~" and use "-" as a
separator.Example: ~00-A0-C9-15-39-78A dash ("-") in this column means that any source address will
match. This is useful if you want to blacklist a particular
application using entries in the PROTOCOL and PORTS columns.PROTOCOL (Optional) -
{-|[!]protocol-number|[!]protocol-name}If specified, must be a protocol number or a protocol name
from protocols(5).PORTS (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...}May only be specified if the protocol is TCP (6) or UDP (17).
A comma-separated list of destination port numbers or service names
from services(5).OPTIONS (Optional - Added in 4.4.12) -
{-|{to|from}[,...]}If specified, indicates whether traffic to or from
the ADDRESS/SUBNET should be blacklisted. The default is from. If the ADDRESS/SUBNET column is empty,
then this column has no effect on the generated rule.In Shorewall 4.4.12, blacklisting is still restricted to
traffic arriving on an interface that has the
'blacklist' option set. So to block traffic from your local
network to an internet host, you must specify
on your internal interface in shorewall-interfaces
(5).Beginning with Shorewall 4.4.13, entries specifying
to are applied based on the
blacklist setting in shorewall-interfaces(5):Input blacklisting (default if no value given). Traffic
entering this interface are passed against the entries in
shorewall-blacklist(5)
that have the from option
(specified or defaulted). Traffic originating on the firewall
and leaving by this interface is passed against the entries in
shorewall-blacklist(5)
that have the to
option.Output blacklisting. Traffic entering on this interface
is passed against the entries in shorewall-blacklist(5)
that have the to
option.ExampleExample 1:To block DNS queries from address 192.0.2.126: #ADDRESS/SUBNET PROTOCOL PORT
192.0.2.126 udp 53Example 2:To block some of the nuisance applications: #ADDRESS/SUBNET PROTOCOL PORT
- udp 1024:1033,1434
- tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898FILES/etc/shorewall/blacklistSee ALSOhttp://shorewall.net/blacklisting_support.htmshorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5),
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)