SELinux module to allow a single network port?

[Chris Adams <cmadams hiwaay net>]

I originally posted this to the RHEL5 list, but someone pointed me to
this list (I didn't realize there was an SELinux list).

I have done some minor SELinux customizations with a module, and now I'm
trying to do something a little more complicated.

I want to allow a CGI to do a "whois" lookup.  It is a perl script that
is attempting to open a TCP socket to port 43.  I ran audit2allow, but I
think the generated rule allows CGIs to open outbound sockets to any
port.  I'd rather just allow TCP to port 43.

I don't see a defined whois port type, and I don't know quite how to
define it myself in a module.

Help?

-- 
Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.