Charles J. Boening
Mon, 7 Jan 2002 13:27:23 -0800
Couldn't you also create a rule and blacklist hosts from certain
[mailto:email@example.com] On Behalf Of Tom Eastep
Sent: Monday, January 07, 2002 1:15 PM
To: Shorewall Users
Subject: [Shorewall-users] Blacklist
As it turns out, I don't think that it is necessary for Shorewall to have
explicit blacklist support since it can be implemented nicely already.
Whatever I did in the firewall script would just add code to duplicate
the following:
bl Blacklist List of black-listed hosts/nets
net Internet The untrusted Internet
loc Local My Local Network
It is important that 'bl' be before 'net'.
Assuming that your internet interface is eth0, in
net eth0 norfc1918,...
where the ipX are subnets and/or ip addresses. If you want to put them
file (let's say /etc/shorewall/blacklist) with one entry per line, then
in /etc/shorewall/params, you can put:
BLACKLIST=`echo $BLACKLIST | sed 's/ /,/g'`
and in /etc/shorewall/hosts put:
bl all DROP
That's it! All packets from the blacklisted hosts will be dropped.
If one of you that has a need for a black list would try the above and
let me know how it works, the rest of us would appreciate it.
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
Shorewall-users mailing list
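As an added example (not from Tom's posting or from Shorewall itself), the POSIX shell script below builds the comma-separated host list that a "bl eth0:ip1,ip2,..." interfaces entry and the params trick above need from a one-entry-per-line blacklist file, while checking each entry; the file contents and addresses are constructed.

```sh
#!/bin/sh
# Added example, not part of the list posting or of Shorewall: build the
# comma-separated list a "bl eth0:ip1,ip2,..." interfaces entry needs from a
# one-entry-per-line file like /etc/shorewall/blacklist. Unlike a bare
# `echo $BLACKLIST | sed 's/ /,/g'`, it skips comments and blank lines and
# rejects anything that is not an IPv4 address or CIDR block.

# Succeed when $1 is a dotted quad, optionally followed by /0-32.
is_ipv4_or_cidr() {
    case "$1" in
        */*) addr=${1%%/*}; plen=${1#*/} ;;
        *)   addr=$1;       plen=32 ;;
    esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the valid entries of file $1 joined by commas. Invalid entries are
# reported on stderr and make the function return 1, so a typo in the file
# cannot silently leave a host off the list.
build_blacklist_list() {
    list=''; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                  # drop comments
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')  # and whitespace
        [ -n "$entry" ] || continue
        if is_ipv4_or_cidr "$entry"; then
            list="${list:+$list,}$entry"
        else
            printf 'blacklist: rejecting "%s"\n' "$line" >&2; bad=1
        fi
    done < "$1"
    printf '%s\n' "$list"
    return "$bad"
}

# Constructed sample standing in for /etc/shorewall/blacklist.
sample=$(mktemp)
printf '# hosts and nets to drop\n192.0.2.10\n\n198.51.100.0/24  # a whole net\n203.0.113.7\n' > "$sample"
BLACKLIST=$(build_blacklist_list "$sample") && echo "bl eth0:$BLACKLIST"
rm -f "$sample"
```

The printed line is what you would put in /etc/shorewall/interfaces (or /etc/shorewall/hosts) for the 'bl' zone; a non-zero exit tells you the file has an entry that needs fixing before the firewall is restarted.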