On 9/4/10 10:34 AM, Mr Dash Four wrote:
> As part of the security policy I am writing I need to use the above 2
> options with iptables, but I am not sure whether they are supported in
> Shorewall.
>
> Typically, I will add secure context marking to IP packets with the
> following statement:
>
> iptables -t mangle -A INPUT -p tcp --dst 127.0.0.1 --dport 3306 -j SECMARK --selctx system_u:object_r:mysqld_t:s0
>
> This marks all packets to 127.0.0.1:3306 to be marked with the
> 'system_u:object_r:mysqld_t:s0' SELinux context. Does Shorewall provide
> a better way of handling this as I am not very keen on writing 'raw'
> statements and maintenance will be an absolute nightmare?

Shorewall does not currently support the SECMARK and CONNSECMARK targets.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
