I propose to create a new NetFilter table dedicated to rules created programmatically (not by explicit admin's iptables command). Otherwise an admin could be tempted to say `iptables -F security` which would probably break rules created for example by sandboxing software (which may follow same-origin policy to restrict one particular program to certain domain and port only). Note that in this case `iptables -F security` is a security risk (sandbox breaking)? New table could be possibly be called: - temp - temporary - auto - automatic - volatile - daemon - system - sys In iptables docs it should be said that this table should not be manipulated manually. -- Victor Porton - http://portonvictor.org _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
