SHOREWALL6-BLRULES(5) | Configuration Files | SHOREWALL6-BLRULES(5) |
NAME
blrules - shorewall6 Blacklist file
SYNOPSIS
/etc/shorewall6/blrules
DESCRIPTION
This file is used to perform zone-specific blacklisting and whitelisting.
Rules in this file are applied depending on the setting of BLACKLISTNEWONLY in shorewall6.conf[1](5). If BLACKLISTNEWONLY=No, then they are applied regardless of the connection tracking state of the packet. If BLACKLISTNEWONLY=Yes, they are applied to connections in the NEW and INVALID states.
The format of rules in this file is the same as the format of rules in shorewall6-rules[2](5). The difference in the two files lies in the ACTION (first) column.
ACTION - {ACCEPT|BLACKLIST|blacklog|CONTINUE|DROP|A_DROP|REJECT|A_REJECT|WHITELIST|LOG|QUEUE|NFQUEUE[(queuenumber)]|[?]COMMENT|action|macro[(target)]}[:{log-level|none}[!][:tag]]
BLACKLIST
blacklog
ACCEPT|CONTINUE|WHITELIST
DROP
A_DROP and A_DROP!
REJECT
A_REJECT
LOG
QUEUE
NFLOG[(nflog-parameters)]
NFQUEUE
?COMMENT
action
macro
Example: FTP(ACCEPT).
The ACTION may optionally be followed by ":" and a syslog log level (e.g., REJECT:info or Web(ACCEPT):debug). This causes the packet to be logged at the specified level.
If the ACTION names an action declared in shorewall6-actions[4](5) or in /usr/share/shorewall6/actions.std then:
You may also specify NFLOG (must be in upper case) as a log level. This will log to the NFLOG target for routing to a separate log through use of ulogd (http://www.netfilter.org/projects/ulogd/index.html).
Actions specifying logging may be followed by a log tag (a string of alphanumeric characters) which is appended to the string generated by the LOGPREFIX (in shorewall6.conf[1](5)).
For the remaining columns, see shorewall6-rules[2](5).
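As an added example (not part of the Shorewall documentation or code), the following Python check parses the ACTION column according to the syntax above and flags a lower-case NFLOG log level, an unrecognised log level, or a log tag that is not alphanumeric. The syslog keyword set, the tolerance for parameters after NFLOG, the "#" comment handling and the sample rules are assumptions constructed for illustration.

```python
import re

# Constructed sample blrules content (hypothetical tags and networks).
SAMPLE = """\
# constructed sample
WHITELIST            net:[2001:DB8::/64]    all
DROP:info:bl6        net:[2001::/32]        all
DROP:nflog           net:[2001:DB8:1::/48]  all
REJECT:info!:bad-tag net:[2001:DB8:2::/48]  all
Web(ACCEPT):debug    net:[2001:DB8:3::/48]  all
"""

# Assumption: standard syslog keywords; the page only shows "info" and "debug".
LEVELS = {"debug", "info", "notice", "warning", "err", "crit", "alert", "emerg",
          "none", "NFLOG"}
TARGET_RE = re.compile(r"^(?P<target>[A-Za-z_][\w!]*)(?:\((?P<param>[^)]*)\))?$")


def parse_action(action):
    """Split ACTION into target, parenthesised parameter, log level, '!' flag, tag."""
    head, _, rest = action.partition(":")
    m = TARGET_RE.match(head)
    if not m:
        raise ValueError(f"malformed ACTION target {head!r}")
    level, _, tag = rest.partition(":")
    return {"target": m["target"], "param": m["param"],
            "level": level.rstrip("!") or None,
            "bang": level.endswith("!"), "tag": tag or None}


def lint_blrules(text):
    """Return (line number, message) findings for each rule's ACTION column."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("?"):  # blank, comment, ?COMMENT line
            continue
        try:
            a = parse_action(line.split()[0])
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        level = (a["level"] or "").split("(", 1)[0]  # tolerate NFLOG(...) (assumption)
        if level.upper() == "NFLOG" and level != "NFLOG":
            findings.append((n, "NFLOG as a log level must be upper case"))
        elif level and level not in LEVELS:
            findings.append((n, f"unrecognised log level {level!r}"))
        if a["tag"] and not a["tag"].isalnum():
            findings.append((n, f"log tag {a['tag']!r} is not alphanumeric"))
    return findings
```

Calling lint_blrules(SAMPLE) reports the lower-case nflog on line 4 and the hyphenated tag on line 5; the other rules pass.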
EXAMPLE
Example 1:
DROP net:[2001::/32] all
Example 2:
WHITELIST net:[2001:DB8::/64] all
FILES
/etc/shorewall6/blrules
SEE ALSO
http://www.shorewall.net/blacklisting_support.htm[5]
http://www.shorewall.net/configuration_file_basics.htm#Pairs[6]
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-netmap(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-mangle(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
NOTES
1. shorewall6.conf
2. shorewall6-rules
4. shorewall6-actions
03/16/2017 | Configuration Files |