Any software that can block network communications based on application layer data should also be able to exclude certain networks or IP addresses from any blocking actions based on a whitelist. At the same time, it should be able to force all packets to or from certain networks or IP addresses to be dropped according to a blacklist.
Whitelists and blacklists are supported by fwsnort with the
BLACKLIST variables in the /etc/fwsnort/fwsnort.conf file. For example, to ensure that fwsnort never takes action against communications that originate from or are destined for the webserver (IP address 192.168.10.3 in Figure 1-2), and to
DROP all packets to or from the IP address 192.168.10.200, include ...