Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   17783 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SHOREWALL-BLACKLIST(5)		[FIXME: manual]		SHOREWALL-BLACKLIST(5)

NAME
       blacklist - Shorewall Blacklist file

SYNOPSIS
       /etc/shorewall/blacklist

DESCRIPTION
       The blacklist file is used to perform static blacklisting by source
       address (IP or MAC), or by application. The use of this file is
       deprecated and beginning with Shorewall 4.5.7, the file is no longer
       installed.

       The columns in the file are as follows (where the column name is
       followed by a different name in parentheses, the different name is used
       in the alternate specification syntax).

       ADDRESS/SUBNET (networks) -
       {-|~mac-address|ip-address|address-range|+ipset}
	   Host address, network address, MAC address, IP address range (if
	   your kernel and iptables contain iprange match support) or ipset
	   name prefaced by "+" (if your kernel supports ipset match).
	   Exclusion (shorewall-exclusion[1](5)) is supported.

	   MAC addresses must be prefixed with "~" and use "-" as a separator.

	   Example: ~00-A0-C9-15-39-78

	   A dash ("-") in this column means that any source address will
	   match. This is useful if you want to blacklist a particular
	   application using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (proto) - {-|[!]protocol-number|[!]protocol-name}
	   Optional - If specified, must be a protocol number or a protocol
	   name from protocols(5).

       PORTS - {-|[!]port-name-or-number[,port-name-or-number]...}
	   Optional - may only be specified if the protocol is TCP (6) or UDP
	   (17). A comma-separated list of destination port numbers or service
	   names from services(5).

       OPTIONS - {-|{dst|src|whitelist|audit}[,...]}
	   Optional - added in 4.4.12. If specified, indicates whether traffic
	   from ADDRESS/SUBNET (src) or traffic to ADDRESS/SUBNET (dst) should
	   be blacklisted. The default is src. If the ADDRESS/SUBNET column is
	   empty, then this column has no effect on the generated rule.

	       Note
	       In Shorewall 4.4.12, the keywords from and to were used in
	       place of src and dst respectively. Blacklisting was still
	       restricted to traffic arriving on an interface that has the
	       'blacklist' option set. So to block traffic from your local
	       network to an internet host, you had to specify blacklist on
	       your internal interface in shorewall-interfaces[2] (5).

	       Note
	       Beginning with Shorewall 4.4.13, entries are applied based on
	       the blacklist setting in shorewall-zones[3](5):

		1. 'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic
		   from this zone is passed against the entries in this file
		   that have the src option (specified or defaulted).

		2. 'blacklist' in the OPTIONS or OUT_OPTIONS column. Traffic
		   to this zone is passed against the entries in this file
		   that have the dst option.
	   In Shorewall 4.4.20, the whitelist option was added. When whitelist
	   is specified, packets/connections that match the entry are not
	   matched against the remaining entries in the file.

	   The audit option was also added in 4.4.20 and causes packets
	   matching the entry to be audited. The audit option may not be
	   specified in whitelist entries and require AUDIT_TARGET support in
	   the kernel and iptables.

EXAMPLE
       Example 1:
	   To block DNS queries from address 192.0.2.126:

		       #ADDRESS/SUBNET	       PROTOCOL	       PORT
		       192.0.2.126	       udp	       53

       Example 2:
	   To block some of the nuisance applications:

		       #ADDRESS/SUBNET	       PROTOCOL	       PORT
		       -		       udp	       1024:1033,1434
		       -		       tcp	       57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES
       /etc/shorewall/blacklist

SEE ALSO
       http://shorewall.net/blacklisting_support.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES
	1. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. shorewall-zones
	   http://www.shorewall.net/manpages/shorewall-zones.html

[FIXME: source]			  12/19/2013		SHOREWALL-BLACKLIST(5)

Vote for polarhome