The secmark match is used to match the security mark value associated with a packet. For this extension to be available, the appropriate SELinux support needs to be installed and present in the Linux kernel.

Examples:

  iptables -I INPUT -p icmp --icmp-type 3 -m secmark --selctx system_u:object_r:dns_packet_t:s0 -j ACCEPT

  iptables -I OUTPUT -m secmark --selctx system_u:object_r:ssh_packet_t:s0 -j DROP

Mr Dash Four (2):
  iptables (userspace): add secmark match
  iptables (kernel): add secmark match

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux