[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Firewall rules using SELinux context (Was Re: RFE: FireKit)



Le vendredi 24 juillet 2009 à 19:22 -0400, Gregory Maxwell a écrit :

> Not just port numbers.

Well iptables already allows stuff like

-A OUTPUT -m owner ! --gid-owner apache -p tcp --dport http -j REDIRECT
--to-port tproxy

so you don't have to open ports for every process


-- 
Nicolas Mailhot

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]