shorewall6-blacklist5blacklistshorewall6 Blacklist file/etc/shorewall6/blacklistDescriptionThe blacklist file is used to perform static blacklisting. You can
blacklist by source address (IP or MAC), or by application.The columns in the file are as follows.ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}Host address, network address, MAC address, IP address range
(if your kernel and ip6tables contain iprange match support) or
ipset name prefaced by "+" (if your kernel supports ipset
match).MAC addresses must be prefixed with "~" and use "-" as a
separator.Example: ~00-A0-C9-15-39-78A dash ("-") in this column means that any source address will
match. This is useful if you want to blacklist a particular
application using entries in the PROTOCOL and PORTS columns.PROTOCOL (Optional) -
{-|protocol-number|protocol-name}If specified, must be a protocol number or a protocol name
from protocols(5).PORTS (Optional) - {-|port-name-or-number[,port-name-or-number]...}May only be specified if the protocol is TCP (6), UDP (17),
DCCP (33), SCTP (132) or UDPLITE (136). A comma-separated list of
destination port numbers or service names from services(5).OPTIONS (Optional - Added in Shorewall 4.4.12) -
{-|to|from|}If specified, indicates whether traffic or
the ADDRESS/SUBNET should be blacklisted. The
default is from. If the
ADDRESS/SUBNET column is empty, then this column has no effect on
the generated rule.Blacklisting is still restricted to traffic
arriving on an interface that has the
'blacklist' option set. So to block traffic from your local
network to an internet host, you must specify
on your internal interface in shorewall6-interfaces
(5).When a packet arrives on an interface that has the blacklist option specified in shorewall6-interfaces(5), its
source IP address and MAC address is checked against this file and
disposed of according to the BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in shorewall6.conf(5). If PROTOCOL or PROTOCOL and PORTS
are supplied, only packets matching the protocol (and one of the ports if
PORTS supplied) are blocked.ExampleExample 1:To block DNS queries from address
fe80::2a0:ccff:fedb:31c4: #ADDRESS/SUBNET PROTOCOL PORT
fe80::2a0:ccff:fedb:31c4/ udp 53Example 2:To block some of the nuisance applications: #ADDRESS/SUBNET PROTOCOL PORT
- udp 1024:1033,1434
- tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898FILES/etc/shorewall6/blacklistSee ALSOhttp://shorewall.net/blacklisting_support.htmshorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
shorewall6-route_rules(5), shorewall6-routestopped(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5),
shorewall6-tunnels(5), shorewall6-zones(5)