On Thu, Jan 7, 2016 at 10:11 PM, Mark Steele <mark@xxxxxxxxxxxxxxxxxxx> wrote:
> Hi all,
>
> I would like to know what a good approach might be to prevent packet
> sniffing on a local node from being able to see the network traffic related
> to an application.
>
> Would iptables (secmark/connsecmark) do the trick to prevent tools like
> tcpdump from being able to see these packets? Are there alternative
> approaches that would be better for handling this?

You should be able to block access to raw/packet sockets for a given domain
which would effectively prevent you from running tcpdump, or similar tools.
However, applying that system wide would be difficult.

--
paul moore
www.paul-moore.com

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
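A defender-side check for the confinement Paul describes, added here as an example and not code from the thread: it scans kernel AVC audit lines for denied packet_socket/rawip_socket creations and net_raw capability checks, which is what you expect to see when a confined domain tries to run tcpdump. The domain name myapp_t and the log lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# SELinux object classes a sniffer must be allowed to create.
SNIFFER_CLASSES = {"packet_socket", "rawip_socket"}

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+"
    r"(?P<fields>.*?)\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Parse one kernel AVC audit line; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    sctx = fields.get("scontext", "").split(":")  # user:role:type:level
    return {
        "result": m.group("result"),
        "perms": set(m.group("perms").split()),
        "comm": fields.get("comm"),
        "domain": sctx[2] if len(sctx) >= 3 else fields.get("scontext"),
        "tclass": m.group("tclass"),
        # permissive=1 means the denial was only logged and the access went through
        "enforced": m.group("permissive") != "1",
    }


def sniffer_denials(lines: List[str]) -> List[Dict[str, object]]:
    """Denied attempts to open raw/packet sockets or to use CAP_NET_RAW."""
    hits = []
    for ev in map(parse_avc, lines):
        if ev is None or ev["result"] != "denied":
            continue
        if ev["tclass"] in SNIFFER_CLASSES or (
            ev["tclass"] == "capability" and "net_raw" in ev["perms"]
        ):
            hits.append(ev)
    return hits


# Constructed sample lines in the kernel's AVC format (not real captures);
# myapp_t is a hypothetical confined application domain.
SAMPLE_LOG = [
    'type=AVC msg=audit(1452222000.123:456): avc:  denied  { create } for  pid=1234 comm="tcpdump" scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:system_r:myapp_t:s0 tclass=packet_socket permissive=0',
    'type=AVC msg=audit(1452222000.124:457): avc:  denied  { net_raw } for  pid=1234 comm="tcpdump" capability=13  scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:system_r:myapp_t:s0 tclass=capability permissive=0',
    'type=AVC msg=audit(1452222001.000:458): avc:  denied  { read } for  pid=1240 comm="myapp" name="secret.conf" dev="sda1" ino=42 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1452222002.000:459): avc:  denied  { create } for  pid=1300 comm="tcpdump" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=packet_socket permissive=1',
]
```

A hit with `enforced` False is the case to watch: the domain was in permissive mode, so the socket was actually created and the sniffer ran.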