Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   18016 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SHOREWALL-BLACKLIST(5)					SHOREWALL-BLACKLIST(5)

NAME
       blacklist - Shorewall Blacklist file

SYNOPSIS
       /etc/shorewall/blacklist

DESCRIPTION
       The blacklist file is used to perform static blacklisting. You can
       blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows.

       ADDRESS/SUBNET - {-|~mac-address|ip-address|address-range|+ipset}
	   Host address, network address, MAC address, IP address range (if
	   your kernel and iptables contain iprange match support) or ipset
	   name prefaced by "+" (if your kernel supports ipset match).

	   MAC addresses must be prefixed with "~" and use "-" as a separator.

	   Example: ~00-A0-C9-15-39-78

	   A dash ("-") in this column means that any source address will
	   match. This is useful if you want to blacklist a particular
	   application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (Optional) - {-|[!]protocol-number|[!]protocol-name}
	   If specified, must be a protocol number or a protocol name from
	   protocols(5).

       PORTS (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...}
	   May only be specified if the protocol is TCP (6) or UDP (17). A
	   comma-separated list of destination port numbers or service names
	   from services(5).

       When a packet arrives on an interface that has the blacklist option
       specified in shorewall-interfaces[1](5), its source IP address and MAC
       address is checked against this file and disposed of according to the
       BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL variables in
       shorewall.conf[2](5). If PROTOCOL or PROTOCOL and PORTS are supplied,
       only packets matching the protocol (and one of the ports if PORTS
       supplied) are blocked.

EXAMPLE
       Example 1:
	   To block DNS queries from address 192.0.2.126:

		       #ADDRESS/SUBNET	       PROTOCOL	       PORT
		       192.0.2.126	       udp	       53

       Example 2:
	   To block some of the nuisance applications:

		       #ADDRESS/SUBNET	       PROTOCOL	       PORT
		       -		       udp	       1024:1033,1434
		       -		       tcp	       57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES
       /etc/shorewall/blacklist

SEE ALSO
       http://shorewall.net/blacklisting_support.htm

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES
	1. shorewall-interfaces
	   shorewall-interfaces.html

	2. shorewall.conf
	   shorewall.conf.html

				  09/05/2009		SHOREWALL-BLACKLIST(5)

Vote for polarhome