[PATCH 0/2] iptables: add secmark match
Mr Dash Four
mr.dash.four at googlemail.com
Tue Mar 5 12:48:35 UTC 2013
The secmark match is used to match the security mark value associated
with a packet. For this extension to be available, the appropriate
SELinux support needs to be installed and present in the Linux kernel.

Examples:

iptables -I INPUT -p icmp --icmp-type 3 -m secmark --selctx system_u:object_r:dns_packet_t:s0 -j ACCEPT
iptables -I OUTPUT -m secmark --selctx system_u:object_r:ssh_packet_t:s0 -j DROP

Mr Dash Four (2):
  iptables (userspace): add secmark match
  iptables (kernel): add secmark match