#
# Shorewall version 3.0 - Blacklist File
#
# /etc/shorewall/blacklist
#
#       This file contains a list of IP addresses, MAC addresses and/or
#       subnetworks.
#
#       Columns are:
#
#       ADDRESS/SUBNET  - Host address, subnetwork, MAC address, IP address
#                         range (if your kernel and iptables contain iprange
#                         match support) or ipset name prefixed with "+" (if
#                         your kernel supports ipset match).
#
#                         MAC addresses must be prefixed with "~" and use "-"
#                         as a separator.
#
#                         Example: ~00-A0-C9-15-39-78
#
#       PROTOCOL        - Optional. If specified, must be a protocol number
#                         or a protocol name from /etc/protocols.
#
#       PORTS           - Optional. May only be specified if the protocol
#                         is TCP (6) or UDP (17). A comma-separated list
#                         of destination port numbers or service names from
#                         /etc/services.
#
#       When a packet arrives on an interface that has the 'blacklist' option
#       specified in /etc/shorewall/interfaces, its source IP address is
#       checked against this file and disposed of according to the
#       BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
#       /etc/shorewall/shorewall.conf.
#
#       If PROTOCOL, or PROTOCOL and PORTS, are supplied, only packets matching
#       the protocol (and one of the ports, if PORTS is supplied) are blocked.
#
#       Example:
#
#       To block DNS queries from address 192.0.2.126:
#
#       ADDRESS/SUBNET          PROTOCOL        PORT
#       192.0.2.126             udp             53
#
#       Example:
#
#       To block DNS queries from addresses in the ipset 'dnsblack':
#
#       ADDRESS/SUBNET          PROTOCOL        PORT
#       +dnsblack               udp             53
#
#       Please see http://shorewall.net/blacklisting_support.htm for additional
#       information.
#
###############################################################################
#ADDRESS/SUBNET         PROTOCOL        PORT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE