The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet Also use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> --- secilc/docs/cil_network_labeling_statements.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md index 49a836c1..cb52e7cf 100644 --- a/secilc/docs/cil_network_labeling_statements.md +++ b/secilc/docs/cil_network_labeling_statements.md @@ -145,12 +145,12 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme (context context_1 (unconfined.user object_r unconfined.object low_low)) (context context_2 (unconfined.user object_r unconfined.object (systemlow level_2))) - (ipaddr netmask_1 255.255.255.0) - (ipaddr ipv4_1 192.168.1.64) + (ipaddr netmask_1 255.255.255.255) + (ipaddr ipv4_1 192.0.2.64) - (nodecon netmask_1 ipv4_1 context_2) - (nodecon (255.255.255.0) (192.168.1.64) context_1) - (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) + (nodecon ipv4_1 netmask_1 context_2) + (nodecon (192.0.2.64) (255.255.255.255) context_1) + (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) portcon ------- -- 2.28.0
