RE: using selinux to allow only certain hosts or networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've never done it but I think you can accomplish what you want by
setting up netfilter rules using iptables to label the incoming packets
from the specific hosts/networks that you wish to allow. Since ip
addresses can be spoofed, it won't be very secure unless you use ipsec. 

Josh Brindle wrote a good article on secure networking with SELinux:
http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinu
x/


> -----Original Message-----
> From: fedora-selinux-list-bounces@xxxxxxxxxx
[mailto:fedora-selinux-list-
> bounces@xxxxxxxxxx] On Behalf Of Doug Sikora
> Sent: Tuesday, December 09, 2008 6:16 AM
> To: fedora-selinux-list@xxxxxxxxxx
> Subject: using selinux to allow only certain hosts or networks
> 
> The below rules came from audit2allow,
> 
> allow test_t inaddr_any_node_t:tcp_socket node_bind;
> allow test_t inaddr_any_node_t:udp_socket node_bind;
> 
> Instead of allowing "any_node" I would like to limit this to specific
> hosts and or networks.
> 
> Does anyone know the syntax for this?
> 
> Thanks
> Doug
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux