The secmark match is used to match the security mark value associated with a packet. For this extension to be available, the appropriate SELinux support needs to be installed and present in the Linux kernel.

Examples:

    iptables -I INPUT -p icmp --icmp-type 3 -m secmark --selctx system_u:object_r:dns_packet_t:s0 -j ACCEPT
    iptables -I OUTPUT -m secmark --selctx system_u:object_r:ssh_packet_t:s0 -j DROP

Mr Dash Four (2):
  iptables (userspace): add secmark match
  iptables (kernel): add secmark match