[Shorewall-users] Blacklist

Charles J. Boening charlie@theboenings.com
Mon, 7 Jan 2002 13:27:23 -0800

Couldn't you also create a rule and blacklist hosts from certain


-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, January 07, 2002 1:15 PM
To: Shorewall Users
Subject: [Shorewall-users] Blacklist

As it turns out, I don't think that it is necessary for Shorewall to have
explicit blacklist support since it can be implemented nicely already.
Whatever I did in the firewall script would just add code to duplicate
the following:

In /etc/shorewall/zones:

bl	Blacklist	List of black-listed hosts/nets
net	Internet	The untrusted Internet
loc	Local		My Local Network

It is important that 'bl' be before 'net'.

Assuming that your internet interface is eth0, in

net	eth0	norfc1918,...

In /etc/shorewall/hosts:

bl	eth0:ip1,ip2,...

where the ipX are subnets and/or ip addresses. If you want to put them
in a file (let's say /etc/shorewall/blacklist) with one entry per line,
then in /etc/shorewall/params, you can put:

	BLACKLIST=`cat /etc/shorewall/blacklist`
	BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`

and in /etc/shorewall/hosts put:

bl	eth0:$BLACKLIST

In /etc/shorewall/policy

bl	all	DROP

That's it! All packets from the blacklisted hosts will be dropped.

If one of you that has a need for a black list would try the above and
let us know how it works, the rest of us would appreciate it.

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
Shorewall-users mailing list
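A shell version of the params step above, as an added example that is not from the post or from Shorewall itself: it reads the one-entry-per-line file and prints the "bl eth0:ip1,ip2,..." hosts line, but, going beyond the post's one-liner, skips comments and blank lines and rejects any entry that is not an IPv4 address or CIDR subnet, since one stray line would otherwise corrupt the whole hosts entry. The file name, function names and the sample addresses are constructed for the demonstration.

```shell
# Added example, not code from the post. Builds the /etc/shorewall/hosts
# line for the 'bl' zone from a blacklist file, validating each entry.
# File name, function names and addresses below are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
is_ipv4_or_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*|.*|*.|*..*) return 1 ;;
    esac
    addr=${1%%/*}; prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    n=0; old_ifs=$IFS; IFS=.
    for octet in $addr; do                     # four octets, each 0-255
        n=$((n + 1))
        [ "$octet" -le 255 ] 2>/dev/null || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# Print the entries of file $1 joined by commas (what BLACKLIST holds in
# /etc/shorewall/params); print nothing and return 1 on an invalid entry.
blacklist_csv() {
    out=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        line=$(printf '%s' "$line" | tr -d '[:blank:]')   # and blanks
        [ -z "$line" ] && continue
        is_ipv4_or_cidr "$line" || { echo "invalid blacklist entry: $line" >&2; return 1; }
        out="${out:+$out,}$line"
    done < "$1"
    printf '%s\n' "$out"
}

# Print the hosts line from the post, "bl<TAB>$2:ip1,ip2,...", for interface $2.
hosts_entry() {
    csv=$(blacklist_csv "$1") || return 1
    printf 'bl\t%s:%s\n' "$2" "$csv"
}

# Constructed sample blacklist written to file $1 (documentation addresses).
write_sample_blacklist() {
    printf '%s\n' '# blacklisted hosts/nets' '192.0.2.1' '198.51.100.0/24  # a whole subnet' '' '203.0.113.7' > "$1"
}

f=${TMPDIR:-/tmp}/blacklist.$$
write_sample_blacklist "$f" && hosts_entry "$f" eth0
rm -f "$f"
```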