SHOREWALL-BLRULES(5) | Configuration Files | SHOREWALL-BLRULES(5) |
NAME
blrules - shorewall Blacklist file
SYNOPSIS
/etc/shorewall/blrules
DESCRIPTION
This file is used to perform blacklisting and whitelisting.
Rules in this file are applied depending on the setting of BLACKLISTNEWONLY in shorewall.conf[1](5). If BLACKLISTNEWONLY=No, then they are applied regardless of the connection tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to connections in the NEW and INVALID states.
The format of rules in this file is the same as the format of rules in shorewall-rules (5)[2]. The difference in the two files lies in the ACTION (first) column.
ACTION- {ACCEPT|BLACKLIST|blacklog|CONTINUE|DROP|A_DROP|REJECT|A_REJECT|WHITELIST|LOG|QUEUE|NFQUEUE[(queuenumber)]|[?]COMMENT|action|macro[(target)]}[:{log-level|none}[!][:tag]]
BLACKLIST
blacklog
ACCEPT|CONTINUE|WHITELIST
DROP
A_DROP and A_DROP!
REJECT
A_REJECT
LOG
QUEUE
NFLOG[(nflog-parameters)]
NFQUEUE
?COMMENT
action
macro
Example: FTP(ACCEPT).
The ACTION may optionally be followed by ":" and a syslog log level (e.g., REJECT:info or Web(ACCEPT):debug). This causes the packet to be logged at the specified level.
If the ACTION names an action declared in shorewall-actions[4](5) or in /usr/share/shorewall/actions.std then:
You may also specify NFLOG (must be in upper case) as a log level. This will log to the NFLOG target for routing to a separate log through use of ulogd (http://www.netfilter.org/projects/ulogd/index.html).
Actions specifying logging may be followed by a log tag (a string of alphanumeric characters) which is appended to the string generated by the LOGPREFIX (in shorewall.conf[1](5)).
For the remaining columns, see shorewall-rules (5)[2].
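The ACTION column syntax above, as an added example that is not part of the Shorewall documentation or code: a small Python linter that splits each rule's first column per the synopsis and flags malformed values, unknown log levels, and bare names that are not built-ins. The function names, the syslog level list and the sample rules are assumptions made for illustration; numeric log levels and parameterised log targets are not handled.

```python
import re

# Built-in ACTION names from this page; unknown bare names are reported for review.
BUILTIN = {"ACCEPT", "BLACKLIST", "blacklog", "CONTINUE", "DROP", "A_DROP",
           "REJECT", "A_REJECT", "WHITELIST", "LOG", "QUEUE", "NFQUEUE", "NFLOG"}
# Assumption: syslog level names only, plus NFLOG and "none" from the page.
LEVELS = set("emerg alert crit err warning notice info debug NFLOG none".split())
ACTION_RE = re.compile(
    r"^(?P<name>[A-Za-z_][\w-]*)!?"            # name; "!" as in A_DROP! on this page
    r"(?:\((?P<param>[^()]*)\))?"              # optional (target) or (queuenumber)
    r"(?::(?P<level>[A-Za-z]+)(?P<bang>!)?"    # optional :log-level[!]
    r"(?::(?P<tag>[A-Za-z0-9]+))?)?$"          # optional :tag, alphanumeric only
)

def parse_action(column):
    """Split one ACTION column value into parts; raise ValueError if malformed."""
    m = ACTION_RE.match(column)
    if not m:
        raise ValueError(f"malformed ACTION column: {column!r}")
    parts = m.groupdict()
    if parts["level"] is not None and parts["level"] not in LEVELS:
        raise ValueError(f"unknown log level {parts['level']!r} in {column!r}")
    parts["bang"] = parts["bang"] == "!"
    parts["builtin"] = parts["name"] in BUILTIN
    return parts

def lint_blrules(text):
    """Return (line_number, message) findings for the body of a blrules file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(("?", "COMMENT")):  # blank, comment, [?]COMMENT
            continue
        try:
            parts = parse_action(line.split()[0])
            if not parts["builtin"] and parts["param"] is None:
                findings.append((n, f"{parts['name']}: not built-in, check actions/macros"))
        except ValueError as exc:
            findings.append((n, str(exc)))
    return findings

# Constructed sample; the first two rules are the examples from this page.
SAMPLE = """\
DROP              net:[2001::/32]        all
WHITELIST         net:[2001:DB8::/64]    all
REJECT:info:bl1   net:[2001:DB8:1::/64]  all
DROP:verbose      net:[2001:DB8:2::/64]  all
DORP              net:[2001:DB8:3::/64]  all
"""
```

Running `lint_blrules(SAMPLE)` reports line 4 (unknown log level) and line 5 (a mistyped DROP that would otherwise be looked up as an action or macro name).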
EXAMPLE
Example 1:
DROP net:[2001::/32] all
Example 2:
WHITELIST net:[2001:DB8::/64] all
FILES
/etc/shorewall/blrules
SEE ALSO
http://www.shorewall.net/blacklisting_support.htm[5]
http://www.shorewall.net/configuration_file_basics.htm#Pairs[6]
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-maclist(5), shorewall6-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-mangle(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall.conf
2. shorewall-rules (5)
4. shorewall-actions
03/16/2017 | Configuration Files |