As part of the security policy I am writing I need to use the above 2 options with iptables, but I am not sure whether they are supported in Shorewall.
Typically, I will add secure context marking to ip packets with the following statement: iptables -t mangle -A INPUT -p tcp --dst 127.0.0.1 --dport 3306 -j SECMARK --selctx system_u:object_r:mysqld_t:s0 This marks all packets to 127.0.0.1:3306 to be market with the 'system_u:object_r:mysqld_t:s0' SELinux context. Does Shorewall provide a better way of handling this as I am not very keen on writing 'raw' statements and maintenance will be an absolute nightmare? Thanks in advance! ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
