Mon, 7 Jan 2002 13:14:57 -0800
As it turns out, I don't think that it is necessary for Shorewall to have
explicit blacklist support since it can be implemented nicely already.
Whatever I did in the firewall script would just add code to duplicate much
of the following:
bl     Blacklist    List of black-listed hosts/nets
net    Internet     The untrusted Internet
loc    Local        My Local Network
It is important that 'bl' be before 'net'.
Assuming that your internet interface is eth0, in /etc/shorewall/interfac
where the ipX are subnets and/or ip addresses. If you want to put them in a
file (let's say /etc/shorewall/blacklist) with one entry per line, then in
/etc/shorewall/params, you can put:
    BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`
and in /etc/shorewall/hosts put:
That's it! All packets from the blacklisted hosts will be dropped.
If one of you that has a need for a black list would try the above and le
know how it works, the rest of us would appreciate it.
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
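A helper in the spirit of the params trick above, added here as an example and not part of Shorewall or of Tom's post: it reads a one-entry-per-line blacklist (the sample input is constructed inline in place of /etc/shorewall/blacklist), skips blank and comment lines, checks that each entry is an IPv4 address or CIDR block, and emits the comma-separated form the hosts file wants, so a stray line in the file cannot silently turn into a malformed entry. The function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper (not part of Shorewall): turn a one-entry-per-line
# blacklist file into the comma-separated list that the hosts file expects.
# Unlike the bare `sed 's/ /,/g'` approach, it drops blank lines and
# comments, trims whitespace, and rejects anything that is not an IPv4
# address or CIDR block (IPv6 is deliberately out of scope here).

# Return 0 if $1 is a dotted quad with an optional /0-32 prefix length.
is_ipv4_or_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { exit 0 }'
}

# Read a blacklist file on stdin; print the comma-joined list on stdout.
# Invalid entries are reported on stderr and the function returns 1.
join_blacklist() {
    list=''
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                    # drop comments
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')   # trim whitespace
        [ -z "$entry" ] && continue                         # blank line
        if is_ipv4_or_cidr "$entry"; then
            list="${list:+$list,}$entry"
        else
            printf 'blacklist: rejecting invalid entry: %s\n' "$line" >&2
            status=1
        fi
    done
    printf '%s\n' "$list"
    return $status
}

# Constructed sample input standing in for /etc/shorewall/blacklist.
SAMPLE_BLACKLIST='# hosts we never want to hear from
192.0.2.10
198.51.100.0/24   # whole range

203.0.113.7'

# Usage, as it would appear in /etc/shorewall/params:
# BLACKLIST=$(join_blacklist < /etc/shorewall/blacklist) || exit 1
```

Run with the sample to see that the three valid entries come out as one comma-separated string; feed it a line such as 999.1.1.1 and the function refuses instead of handing Shorewall a bad hosts entry.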