Firewall rules using SELinux context (Was Re: RFE: FireKit)
Nicolas Mailhot
nicolas.mailhot at laposte.net
Sat Jul 25 10:05:36 UTC 2009
Le vendredi 24 juillet 2009 à 19:22 -0400, Gregory Maxwell a écrit :
> Not just port numbers.
Well iptables already allows stuff like
-A OUTPUT -m owner ! --gid-owner apache -p tcp --dport http -j REDIRECT
--to-port tproxy
so you don't have to open ports for every process
--
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090725/f5723631/attachment.bin
More information about the devel
mailing list