next up previous contents
Next: 11.2 Usage of RAW Up: 11 Access control to Previous: 11 Access control to   Contents

11.1 Port usage

  1. Syntax
    allownet -protocol protocol -port port number permission;
    protocol: tcp,udp can be specified, splitted by ,.
    port number: number and -1023 and 1024- , and * can be described, splitted by ,.
    permission: client or server splitted by , can be described
  2. Meaning
    Allow permissions to be TCP/UDP server/client using port. Port number -1023 means, all unused ports under 1023. 1024- means all unused ports after 1024. * means all ports.
  3. Note about udp server
    If you describe allownet -protocol udp -port xxx server; The domain also behave as client to port number over 1024.
  4. Example 
    domain httpd_t;
# httpd_t can be server using port 80 and 443.
allownet -protocol tcp -port 80,443 server;
# httpd_t can use TCP/UDP 3306 service(MySQL) as client.
allownet -protocol tcp,udp 3306 client;
#Socket usage must be allowd to use port
allownet -protocol tcp,udp use;


2006-07-05