I am trying to build a custom policy for one of my applications, which
needs to:
1. Listen on a predefined range of tcp/udp ports (49200-49232); and
2. Connect to 25, 465, 110, 143, 993 & 995 tcp and 443, 1194 udp ports
All is done on the local (lo) interface, NOT ethX (this should be
prevented, if attempted!). The above port ranges cannot be changed!
There are a couple of difficulties I am facing, however:
1. The first range of ports already forms part of the 'virt' port range
(49152-49216) in corenetwork.te.in. How do I define/use my own set of
ranges (even if they clash with another range type defined elsewhere) in
order to allow the 'corenet_tcp_bind' and 'corenet_udp_bind' macros to do
their job, and use them in my custom.te? Is there another way of doing
name_bind?
2. The second set of ports forms part of the 'pop', 'smtp' and 'openvpn'
ranges (as defined in corenetwork.te.in), but I do not wish to use the whole
ranges when allowing a connection to be made. I also want to restrict
these connections to the local interface only. Is there a way I
could do that in my custom.te?
Thanks in advance!
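The following custom.te is an added example, not part of the original post and not refpolicy code, showing one way to do what the question asks with a loadable module: declare your own port type (only corenetwork.te.in can call network_port(), but a module can declare a type and mark it as a port type), grant name_bind on it directly instead of through a generated corenet_*_bind_* interface, and grant node_bind only on the loopback node so that a bind() to an ethX address (or to INADDR_ANY) is denied. The module name myapp, the domain myapp_t, the port type myapp_port_t and the exact corenet interface names are assumptions; check them against the corenetwork.if shipped with your refpolicy version before building.

```selinux
policy_module(myapp, 1.0.0)

########################################
#
# Declarations
#

type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Our own port type for tcp/udp 49200-49232. A module cannot carry
# portcon statements, so the type is declared here and the port mapping
# is added to the policy store after installing the module (assumption:
# semanage is available on the target):
#
#   semanage port -a -t myapp_port_t -p tcp 49200-49232
#   semanage port -a -t myapp_port_t -p udp 49200-49232
#
# Local port definitions are matched before the base policy's portcon
# entries, so the narrower local range is expected to win over the
# overlapping virt range; confirm with `semanage port -l | grep myapp`
# and a test bind followed by `ausearch -m AVC`.
type myapp_port_t;
corenet_port(myapp_port_t)

########################################
#
# Local policy
#

allow myapp_t self:tcp_socket create_stream_socket_perms;
allow myapp_t self:udp_socket create_socket_perms;

# 1. Listen on 49200-49232, loopback only.
#    name_bind is checked against the port type; node_bind is checked
#    against the node type of the address being bound.  Granting only
#    the lo node (127.0.0.1) and NOT corenet_tcp_bind_generic_node() /
#    corenet_tcp_bind_all_nodes() means a bind() to an ethX address or
#    to 0.0.0.0 fails the node_bind check.
allow myapp_t myapp_port_t:tcp_socket name_bind;
allow myapp_t myapp_port_t:udp_socket name_bind;
corenet_tcp_bind_lo_node(myapp_t)
corenet_udp_bind_lo_node(myapp_t)

# Traffic over the lo interface only (interface names assumed; older
# refpolicy generates per-protocol *_sendrecv_lo_if interfaces).
corenet_tcp_sendrecv_lo_if(myapp_t)
corenet_udp_sendrecv_lo_if(myapp_t)

# 2. Outbound connections.  name_connect is checked per port *type*, so
#    the whole smtp / pop / openvpn type is granted; the policy language
#    has no way to say "only 465 of smtp_port_t" or "only via lo" on a
#    connect().  See the note below the block.
corenet_tcp_connect_smtp_port(myapp_t)
corenet_tcp_connect_pop_port(myapp_t)
corenet_udp_sendrecv_openvpn_port(myapp_t)
```

Two caveats on part 2 of the question. First, to allow only some of the ports in a refpolicy port type you would have to relabel those specific ports to a type of your own with `semanage port -m`; that relabel is global, so every other domain that connects to, say, smtp_port_t loses access to the ports you moved. Second, whether SELinux enforces netif/node checks on outbound packets depends on the kernel and on whether peer labeling or SECMARK is in use, so "connect only over lo" is better enforced by the application binding its client sockets to 127.0.0.1 (which the lo-only node_bind above permits) or by iptables, rather than relied upon from the .te alone.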