#
# Shorewall 2.4 -- Blacklist File
#
# /etc/shorewall/blacklist
#
#   This file contains a list of IP addresses, MAC addresses and/or subnetworks.
#
# Columns are:
#
#   ADDRESS/SUBNET - Host address, subnetwork, MAC address, IP address
#                    range (if your kernel and iptables contain iprange
#                    match support) or ipset name prefaced by "+" (if
#                    your kernel supports ipset match).
#
#                    MAC addresses must be prefixed with "~" and use "-"
#                    as a separator.
#
#                    Example: ~00-A0-C9-15-39-78
#
#   PROTOCOL       - Optional. If specified, must be a protocol number
#                    or a protocol name from /etc/protocols.
#
#   PORTS          - Optional. May only be specified if the protocol
#                    is TCP (6) or UDP (17). A comma-separated list
#                    of port numbers or service names from /etc/services.
#
# When a packet arrives on an interface that has the 'blacklist' option
# specified in /etc/shorewall/interfaces, its source IP address is checked
# against this file and disposed of according to the BLACKLIST_DISPOSITION and
# BLACKLIST_LOGLEVEL variables in /etc/shorewall/shorewall.conf.
#
# If PROTOCOL or PROTOCOL and PORTS are supplied, only packets matching
# the protocol (and one of the ports if PORTS supplied) are blocked.
#
# Example:
#
#   To block DNS queries from address 192.0.2.126:
#
#   ADDRESS/SUBNET    PROTOCOL    PORT
#   192.0.2.126       udp         53
#
# Example:
#
#   To block DNS queries from addresses in the ipset 'dnsblack':
#
#   ADDRESS/SUBNET    PROTOCOL    PORT
#   +dnsblack         udp         53
#
# Please see http://shorewall.net/blacklisting_support.htm for additional
# information.
#
###############################################################################
#ADDRESS/SUBNET    PROTOCOL    PORT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
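
An added example, not part of Shorewall: a small Python linter that applies the column rules described in the comments above to blacklist entries before the firewall is restarted. It assumes IPv4 entries and treats everything after "#" as a comment; `check_address`, `lint_blacklist` and the sample entries are constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^~[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
PORT_PROTOCOLS = {"tcp", "6", "udp", "17"}  # PORTS is only valid with these


def check_address(addr):
    """Return an error string for a bad ADDRESS/SUBNET value, else None."""
    if addr.startswith("~"):
        # MAC address: "~" prefix and "-" separators
        return None if MAC_RE.match(addr) else "MAC must look like ~00-A0-C9-15-39-78"
    if addr.startswith("+"):
        return None if len(addr) > 1 else "empty ipset name after '+'"
    try:
        if "-" in addr:  # IP address range (needs iprange match support)
            low, high = (ipaddress.IPv4Address(p) for p in addr.split("-", 1))
            return None if low <= high else "range start is above range end"
        ipaddress.IPv4Network(addr, strict=False)  # host address or subnetwork
    except ValueError:
        return "not a host, subnet, range, ~MAC or +ipset"
    return None


def lint_blacklist(text):
    """Return (line_number, message) pairs for entries that break the column rules."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()  # assumption: "#" starts a comment
        if not fields:
            continue  # blank line or comment only
        error = check_address(fields[0])
        if error:
            problems.append((number, error))
        if len(fields) >= 3 and fields[1].lower() not in PORT_PROTOCOLS:
            problems.append((number, "PORTS given but protocol is not TCP or UDP"))
    return problems


# Constructed sample entries; lines 5 and 7 are deliberately wrong.
SAMPLE = """\
#ADDRESS/SUBNET    PROTOCOL    PORT
192.0.2.126        udp         53
+dnsblack          udp         53
~00-A0-C9-15-39-78
00:A0:C9:15:39:78
192.0.2.10-192.0.2.20
198.51.100.0/24    icmp        53
"""
```

Calling `lint_blacklist(SAMPLE)` reports the colon-separated MAC without the "~" prefix on line 5 and the ICMP entry that carries a port on line 7.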