Firewall rules using SELinux context (Was Re: RFE: FireKit)
Nicolas Mailhot
nicolas.mailhot at laposte.net
Sat Jul 25 10:05:36 UTC 2009
Le vendredi 24 juillet 2009 à 19:22 -0400, Gregory Maxwell a écrit :
> Not just port numbers.
Well iptables already allows stuff like
-A OUTPUT -m owner ! --gid-owner apache -p tcp --dport http -j REDIRECT
--to-port tproxy
so you don't have to open ports for every process
--
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090725/f5723631/attachment.sig>
More information about the fedora-devel-list
mailing list