[Shorewall-users] Blacklist

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 13:14:57 -0800


As it turns out, I don't think that it is necessary for Shorewall to have explicit blacklist support since it can be implemented nicely already. Whatever I did in the firewall script would just add code to duplicate much of the following:

In /etc/shorewall/zones:

bl	Blacklist	List of black-listed hosts/nets
net	Internet	The untrusted Internet
loc	Local		My Local Network
...

It is important that 'bl' be before 'net'.

Assuming that your internet interface is eth0, in /etc/shorewall/interfaces

net	eth0	norfc1918,...

In /etc/shorewall/hosts:

bl	eth0:ip1,ip2,...

where the ipX are subnets and/or IP addresses. If you want to put them in a file (let's say /etc/shorewall/blacklist) with one entry per line, then in /etc/shorewall/params, you can put:

	BLACKLIST=`cat /etc/shorewall/blacklist`
	BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`

and in /etc/shorewall/hosts put:

bl	eth0:$BLACKLIST

In /etc/shorewall/policy

bl	all	DROP

That's it! All packets from the blacklisted hosts will be dropped.

If one of you that has a need for a black list would try the above and let us know how it works, the rest of us would appreciate it.

Thanks,
-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
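As an added example (not from the post above and not Shorewall's own code), the script below builds the BLACKLIST value for /etc/shorewall/params the way the cat/sed pair intends, but also skips blank lines and '#' comments, and refuses a malformed entry or an empty file, since a bare "bl eth0:" entry in /etc/shorewall/hosts would drop nothing. The sample file, its documentation-range addresses and the IPv4/CIDR check are assumptions of this example.

```shell
# Print the comma-separated host list that the 'bl' line in
# /etc/shorewall/hosts expects, built from a one-entry-per-line file.
# Returns 1 (with a message on stderr) on a malformed or empty list.
build_blacklist() {
    file="$1"
    list=""
    # '|| [ -n "$line" ]' still handles a last line with no newline
    while IFS= read -r line || [ -n "$line" ]; do
        # drop '#' comments, then leading and trailing whitespace
        entry=$(printf '%s\n' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$entry" ]; then
            continue
        fi
        # accept only a dotted quad with an optional /prefix (assumed shape check)
        if ! printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "blacklist: rejecting malformed entry '$entry' in $file" >&2
            return 1
        fi
        if [ -z "$list" ]; then
            list="$entry"
        else
            list="$list,$entry"
        fi
    done < "$file"
    if [ -z "$list" ]; then
        echo "blacklist: $file contains no usable entries" >&2
        return 1
    fi
    printf '%s\n' "$list"
}

# Constructed sample blacklist using documentation addresses, not real hosts.
sample=$(mktemp)
printf '192.0.2.1\n# known scanner\n\n  198.51.100.0/24   # whole subnet\n203.0.113.7' > "$sample"

# The value that would go into /etc/shorewall/params, then the hosts line it feeds.
if BLACKLIST=$(build_blacklist "$sample"); then
    printf 'BLACKLIST=%s\n' "$BLACKLIST"
    printf 'bl\teth0:%s\n' "$BLACKLIST"
fi
rm -f "$sample"
```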