diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 3c5915753..54788c25b 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1104,7 +1104,11 @@ sub add_a_route( ) {
fatal_error 'DEST must be specified' if $dest eq '-';
$dest = validate_net ( $dest, 0 );
- validate_address ( $gateway, 1 ) if $gateway ne '-';
+ if ( $gateway eq 'blackhole' ) {
+ fatal_error q('blackhole' routes may not specify a DEVICE) unless $device eq '-';
+ } else {
+ validate_address ( $gateway, 1 ) if $gateway ne '-';
+ }
my $providerref = $providers{$provider};
my $number = $providerref->{number};
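Review bot: The new `blackhole` branch carries no comment explaining that its DEVICE check is what stops the route-building code later in add_a_route from emitting `via blackhole dev ...`; that code tests `$device ne '-'` before it tests for `blackhole`. I would add above the `if`: `# 'blackhole' is a route type, not an address: skip validate_address and reject DEVICE so the 'via ... dev' form is never generated for it`. The comparison is an exact, case-sensitive `eq`, so any other spelling falls through to validate_address and is presumably rejected there as a bad address, which looks intended. add_a_route begins and ends outside this hunk.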
@@ -1117,6 +1121,9 @@ sub add_a_route( ) {
if ( $device ne '-' ) {
push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number);
emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+ } elsif ( $gateway eq 'blackhole' ) {
+ push @$routes, qq(run_ip route add blackhole $dest table $number);
+ emit qq(echo "\$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
} else {
push @$routes, qq(run_ip route add $dest via $gateway table $number);
emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
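Review bot: The undo entry added for the blackhole route calls `\$IP` directly, while the `dev` branch just above it wraps its undo command in `qt`. If `qt` is what silences a failing command, deleting a blackhole route that is already gone will print an error when the undo script runs. I would write it as `emit qq(echo "qt \$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;`. The unchanged `else` branch uses the same unwrapped form, so this may be deliberate. The if/elsif chain continues outside the hunk.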
diff --git a/Shorewall/manpages/shorewall-routes.xml b/Shorewall/manpages/shorewall-routes.xml
index e033ffa2d..f8e653a7e 100644
--- a/Shorewall/manpages/shorewall-routes.xml
+++ b/Shorewall/manpages/shorewall-routes.xml
@@ -53,6 +53,9 @@
If specified, gives the IP address of the gateway to the
DEST.
+
+ Beginning with Shorewall 4.5.15, you may specify blackhole in
+ this column to create a route.
@@ -62,8 +65,9 @@
Specifies the device route. If neither DEVICE nor GATEWAY is
given, then the INTERFACE specified for the PROVIDER in shorewall-providers
- (5).
+ url="shorewall-providers.html">shorewall-providers (5). This
+ column must be omitted if is specified in
+ the GATEWAY column.
diff --git a/Shorewall6/manpages/shorewall6-routes.xml b/Shorewall6/manpages/shorewall6-routes.xml
index a3077f473..1db3850e4 100644
--- a/Shorewall6/manpages/shorewall6-routes.xml
+++ b/Shorewall6/manpages/shorewall6-routes.xml
@@ -53,6 +53,9 @@
If specified, gives the IP address of the gateway to the
DEST.
+
+ Beginning with Shorewall 4.5.15, you may specify blackhole in
+ this column to create a route.
@@ -62,8 +65,9 @@
Specifies the device route. If neither DEVICE nor GATEWAY is
given, then the INTERFACE specified for the PROVIDER in shorewall6-providers
- (5).
+ url="shorewall6-providers.html">shorewall6-providers (5).
+ This column must be omitted if is
+ specified in the GATEWAY column.