I've never done it but I think you can accomplish what you want by setting up netfilter rules using iptables to label the incoming packets from the specific hosts/networks that you wish to allow. Since IP addresses can be spoofed, it won't be very secure unless you use IPsec.

Josh Brindle wrote a good article on secure networking with SELinux:
http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinux/

> -----Original Message-----
> From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Doug Sikora
> Sent: Tuesday, December 09, 2008 6:16 AM
> To: fedora-selinux-list@xxxxxxxxxx
> Subject: using selinux to allow only certain hosts or networks
>
> The below rules came from audit2allow,
>
> allow test_t inaddr_any_node_t:tcp_socket node_bind;
> allow test_t inaddr_any_node_t:udp_socket node_bind;
>
> Instead of allowing "any_node" I would like to limit this to specific
> hosts and/or networks.
>
> Does anyone know the syntax for this?
>
> Thanks
> Doug
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
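
The packet-labeling approach suggested in the reply, as an added example that is not part of the original thread: a shell function that generates SECMARK/CONNSECMARK rules in iptables-restore format for a list of allowed networks. The packet type names, port 8080, the sample networks and the policy lines in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: test_client_packet_t,
# test_other_packet_t, TCP port 8080, and the constructed sample networks.
#
# Matching policy sketch for the test_t module (assumed type names):
#   type test_client_packet_t; corenet_packet(test_client_packet_t)
#   type test_other_packet_t;  corenet_packet(test_other_packet_t)
#   allow test_t test_client_packet_t:packet { send recv };
# With no allow rule for test_other_packet_t, test_t cannot receive packets
# carrying that label.

# secmark_rules PORT ALLOW_CTX DEFAULT_CTX NET...
# Prints mangle-table rules: every new connection to PORT gets DEFAULT_CTX,
# then connections from each NET are relabeled with ALLOW_CTX.
secmark_rules() {
    port=$1; allow_ctx=$2; default_ctx=$3; shift 3
    # Validate first so a bad entry never yields a partial rule set.
    for net in "$@"; do
        case $net in
            ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;;
        esac
    done
    echo '*mangle'
    # Later packets of a connection inherit the label saved in conntrack.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore'
    # SECMARK does not end rule traversal, so a later match overrides this one.
    echo "-A INPUT -p tcp --dport $port -m state --state NEW -j SECMARK --selctx $default_ctx"
    for net in "$@"; do
        echo "-A INPUT -p tcp --dport $port -s $net -m state --state NEW -j SECMARK --selctx $allow_ctx"
    done
    # Store the final label on the connection.
    echo "-A INPUT -p tcp --dport $port -m state --state NEW -j CONNSECMARK --save"
    echo 'COMMIT'
}

# Constructed sample input (documentation address ranges).
secmark_rules 8080 \
    system_u:object_r:test_client_packet_t:s0 \
    system_u:object_r:test_other_packet_t:s0 \
    192.0.2.0/24 198.51.100.7
```

The output can be reviewed and then loaded with `iptables-restore --noflush`. As the reply notes, source addresses can be spoofed, so these labels are only as trustworthy as the network path unless IPsec is used.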