RE: using selinux to allow only certain hosts or networks
I've never done it but I think you can accomplish what you want by
setting up netfilter rules using iptables to label the incoming packets
from the specific hosts/networks that you wish to allow. Since ip
addresses can be spoofed, it won't be very secure unless you use ipsec.
Josh Brindle wrote a good article on secure networking with SELinux:
http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinu
x/
-----Original Message-----
From: fedora-selinux-list-bounces(a)redhat.com
[mailto:fedora-selinux-list-
bounces(a)redhat.com] On Behalf Of Doug Sikora
Sent: Tuesday, December 09, 2008 6:16 AM
To: fedora-selinux-list(a)redhat.com
Subject: using selinux to allow only certain hosts or networks
The below rules came from audit2allow,
allow test_t inaddr_any_node_t:tcp_socket node_bind;
allow test_t inaddr_any_node_t:udp_socket node_bind;
Instead of allowing "any_node" I would like to limit this to specific
hosts and or networks.
Does anyone know the syntax for this?
Thanks
Doug
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list