* [PATCH 0/2] iptables: add secmark match
@ 2013-03-05 12:48 Mr Dash Four
0 siblings, 0 replies; only message in thread
From: Mr Dash Four @ 2013-03-05 12:48 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Eric Paris, Netfilter Core Team, Fedora SELinux Users
The secmark match is used to match the security mark value
associated with a packet. For this extension to be available, the appropriate
SELinux support needs to be installed and present in the Linux kernel.
Examples:
iptables -I INPUT -p icmp --icmp-type 3 -m secmark --selctx system_u:object_r:dns_packet_t:s0 -j ACCEPT
iptables -I OUTPUT -m secmark --selctx system_u:object_r:ssh_packet_t:s0 -j DROP
Mr Dash Four (2):
iptables (userspace): add secmark match
iptables (kernel): add secmark match
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-03-05 12:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-03-05 12:48 [PATCH 0/2] iptables: add secmark match Mr Dash Four
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.