[Shorewall-users] Blacklist

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 13:14:57 -0800

As it turns out, I don't think that it is necessary for Shorewall to have
explicit blacklist support since it can be implemented nicely already.
Whatever I did in the firewall script would just add code to duplicate much
of the following:

In /etc/shorewall/zones:

bl	Blacklist	List of black-listed hosts/nets
net	Internet	The untrusted Internet
loc	Local		My Local Network

It is important that 'bl' be before 'net'.

Assuming that your internet interface is eth0, in /etc/shorewall/interfaces:


In /etc/shorewall/hosts:


where the ipX are subnets and/or ip addresses. If you want to put them in a
file (let's say /etc/shorewall/blacklist) with one entry per line, then in
/etc/shorewall/params, you can put:

	BLACKLIST=`cat /etc/shorewall/blacklist`
	BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`
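As an added example (not from Tom's post and not Shorewall project code), the following POSIX sh script does the same job as the two params lines above but reads the one-entry-per-line file more defensively: it ignores blank lines and `#` comments, trims whitespace, and refuses any entry that is not a dotted IPv4 address or CIDR prefix, so a typo in the file cannot leave a broken or partial list in BLACKLIST. The function names `blacklist_to_csv` and `is_ipv4_or_cidr` and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): build the comma-separated BLACKLIST
# value that /etc/shorewall/params needs from a one-entry-per-line file.

# Return 0 (true) if $1 looks like a.b.c.d or a.b.c.d/nn with nn in 0..32.
is_ipv4_or_cidr() {
    case "$1" in
        */*) addr=${1%/*}; plen=${1#*/} ;;
        *)   addr=$1; plen=32 ;;
    esac
    # prefix length must be a number no larger than 32
    case "$plen" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$plen" -le 32 ] || return 1
    # exactly four dotted octets, each a number in 0..255
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Read FILE (one host/net per line) and print the comma-separated list.
# Returns non-zero, naming each bad entry on stderr, if any entry is invalid.
blacklist_to_csv() {
    file=$1
    out=''
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        # drop a trailing '#' comment and surrounding whitespace
        entry=${line%%#*}
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if is_ipv4_or_cidr "$entry"; then
            out="${out:+$out,}$entry"
        else
            printf 'blacklist: rejecting invalid entry "%s"\n' "$entry" >&2
            status=1
        fi
    done < "$file"
    printf '%s\n' "$out"
    return $status
}

# Constructed sample input for the demonstration (not a real list).
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# hosts we never want to hear from (constructed sample)
192.0.2.1
198.51.100.0/24   # a whole /24
  203.0.113.7
EOF
if BLACKLIST=$(blacklist_to_csv "$demo_file"); then
    # This is the value the params line would carry.
    printf "BLACKLIST='%s'\n" "$BLACKLIST"
fi
rm -f "$demo_file"
```

In params you would then source or inline this instead of the two backquoted lines; the point of the extra checking is that the hosts file entry built from $BLACKLIST is only ever fed well-formed addresses.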

and in /etc/shorewall/hosts put:


In /etc/shorewall/policy


That's it! All packets from the blacklisted hosts will be dropped.

If one of you that has a need for a black list would try the above and let us
know how it works, the rest of us would appreciate it.

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net