[Shorewall-users] Blacklist

Charles J. Boening charlie@theboenings.com
Mon, 7 Jan 2002 13:27:23 -0800


Couldn't you also create a rule and blacklist hosts from certain
services?

Charles




-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, January 07, 2002 1:15 PM
To: Shorewall Users
Subject: [Shorewall-users] Blacklist


As it turns out, I don't think that it is necessary for Shorewall to have
explicit blacklist support since it can be implemented nicely already.
Whatever I did in the firewall script would just add code to duplicate
much of the following:

In /etc/shorewall/zones:

bl	Blacklist	List of black-listed hosts/nets
net	Internet	The untrusted Internet
loc	Local		My Local Network
...

It is important that 'bl' be before 'net'.

Assuming that your internet interface is eth0, in
/etc/shorewall/interfaces

net	eth0	norfc1918,...

In /etc/shorewall/hosts:

bl	eth0:ip1,ip2,...

where the ipX are subnets and/or ip addresses. If you want to put them
in a file (let's say /etc/shorewall/blacklist) with one entry per line,
then in /etc/shorewall/params, you can put:

	# read the file, then turn the whitespace-separated list into
	# the comma-separated form that /etc/shorewall/hosts expects
	BLACKLIST=`cat /etc/shorewall/blacklist`
	BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`

and in /etc/shorewall/hosts put:

bl	eth0:$BLACKLIST

In /etc/shorewall/policy

bl	all	DROP

That's it! All packets from the blacklisted hosts will be dropped.

If one of you that has a need for a black list would try the above and
let us know how it works, the rest of us would appreciate it.

Thanks,
-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users
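The recipe above builds $BLACKLIST with a plain `cat | sed` and relies on the zones file having 'bl' ahead of 'net'. The script below is an added example, not code from the post or from the Shorewall project: it goes a little beyond the two-line params snippet by stripping '#' comments and blank lines from the blacklist file, rejecting entries that are not a dotted-quad IPv4 address or /prefix (so a typo cannot silently turn into a hosts entry Shorewall refuses), and checking the zone order the post says is important. File paths are taken as arguments; the blacklist and zones files it creates are constructed samples using documentation address ranges, and Shorewall itself is never invoked.

```shell
#!/bin/sh
# Added example, not from the post or from the Shorewall project: build the
# comma-separated $BLACKLIST value from a one-entry-per-line file, and check
# that the 'bl' zone is listed before 'net'. Paths are passed as arguments;
# the files used below are constructed samples, not a real configuration.

# valid_ipv4_cidr ENTRY
# Accepts a dotted-quad IPv4 address with an optional /prefix (0-32).
valid_ipv4_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no slash: a single host
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$prefix" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "$prefix" -le 32 ] || return 1
    rest=$addr
    while [ -n "$rest" ]; do                   # walk the octets
        octet=${rest%%.*}
        [ "$octet" -le 255 ] || return 1
        [ "$rest" = "$octet" ] && break
        rest=${rest#*.}
    done
    return 0
}

# build_blacklist FILE
# Prints FILE's entries joined with commas (the form the hosts file wants),
# skipping blank lines and '#' comments and trimming whitespace. Invalid
# entries are reported on stderr and dropped, and the exit status is 1 so
# a bad line cannot silently shrink or break the blacklist.
build_blacklist() {
    list=''
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "$line" |
            sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -z "$entry" ] && continue
        if valid_ipv4_cidr "$entry"; then
            list="${list:+$list,}$entry"
        else
            printf 'build_blacklist: rejecting "%s"\n' "$entry" >&2
            status=1
        fi
    done < "$1"
    printf '%s\n' "$list"
    return "$status"
}

# check_zone_order ZONESFILE
# Succeeds only if 'bl' is defined before 'net'; the post stresses that order
# because an address on eth0 that matches both zones must land in 'bl'.
check_zone_order() {
    bl_line=$(grep -nE '^bl[[:space:]]' "$1" | head -n 1 | cut -d: -f1)
    net_line=$(grep -nE '^net[[:space:]]' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$bl_line" ] && [ -n "$net_line" ] && [ "$bl_line" -lt "$net_line" ]
}

# --- constructed sample files (documentation ranges, not real hosts) ---
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/blacklist" <<'EOF'
# constructed sample blacklist
192.0.2.7
198.51.100.0/24      # a whole test net

203.0.113.9
EOF
cat > "$sample/bad" <<'EOF'
256.1.1.1
10.0.0.0/33
evil.example.com
172.16.0.1
EOF
printf 'bl\tBlacklist\tBlack-listed hosts/nets\nnet\tInternet\tThe untrusted Internet\n' > "$sample/zones"
printf 'net\tInternet\tThe untrusted Internet\nbl\tBlacklist\tBlack-listed hosts/nets\n' > "$sample/zones_wrong"

BLACKLIST=$(build_blacklist "$sample/blacklist")
echo "hosts entry: bl eth0:$BLACKLIST"
build_blacklist "$sample/bad" >/dev/null || echo "bad file rejected (exit $?)"
check_zone_order "$sample/zones" && echo "zones: bl precedes net"
check_zone_order "$sample/zones_wrong" || echo "zones_wrong: net precedes bl, fix it"
```

Run stand-alone it prints the hosts line for the good file, reports the three bad entries on stderr, and flags the zones file with the wrong order. Whether a function like this belongs directly in /etc/shorewall/params (which is sourced as shell) or in a separate script whose output is pasted into params is an assumption left to the reader; the point is that the value reaching `bl eth0:$BLACKLIST` is validated before Shorewall ever sees it.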