This statement allows the domain to use a netif or node. In the default policy, it is
allowed to all domains.
Syntax
allownet -protocol protocol -netif name of NIC permission;
protocol: tcp, udp, raw and * can be specified, separated by ','.
name of NIC: NIC names (such as lo, eth0, eth1), separated by ','.
permission: send or recv, separated by ',', can
be specified.
allownet -protocol protocol -node address permission;
protocol: tcp, udp, raw and * can be specified, separated by ','.
address: ipv4address/netmask or *, separated by
','. Example: 192.168.0.1/255.255.255.0 . * means all addresses.
permission: send or recv, separated by ',', can
be specified.
Meaning
Allows sending or receiving packets to/from the NIC.
Allows sending or receiving packets to/from the IP address.
Example
{
domain httpd_t;
allownet -protocol tcp use;
allownet -protocol tcp -port 80 server;
allownet -netif eth0 send,recv;
}
--> httpd_t can use TCP sockets and act as a server on TCP port 80,
and can send/recv packets to/from eth0.
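The following is an added example, not part of this manual and not seedit's own parser: a small Python checker for the two allownet forms described above (-netif and -node). It parses each statement into its protocol list, NIC list, node list and permissions, rejects typos such as an unknown protocol or permission, expands ipv4address/netmask into the network it actually covers (including * as every address), and answers whether a given address is reachable under the parsed rules. The -port and use forms seen in the example above are outside this section's syntax and are reported as unsupported; treating a statement without -protocol as matching any protocol is an assumption of this example. The sample policy at the bottom is constructed for the demonstration.

```python
"""Checker for seedit-style 'allownet -netif' / 'allownet -node' statements.

Added illustration, not seedit's own code. Assumes the grammar as described
in this section: protocol in {tcp,udp,raw,*}, NIC names and addresses joined
by ',', permission in {send,recv}, each statement ending with ';'.
"""
import ipaddress

PROTOCOLS = {"tcp", "udp", "raw", "*"}
PERMISSIONS = {"send", "recv"}


def _csv(value):
    # Comma-separated list; an empty item (e.g. a trailing ',') is an error.
    items = value.split(",")
    if any(not item for item in items):
        raise ValueError(f"empty item in list {value!r}")
    return items


def _parse_node(spec):
    """'*' means every address; otherwise ipv4address/netmask -> IPv4Network."""
    if spec == "*":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if "/" not in spec:
        raise ValueError(f"node {spec!r} must be ipv4address/netmask or *")
    # strict=False accepts a host address such as 192.168.0.1/255.255.255.0
    # and yields the network it lies in (192.168.0.0/24).
    return ipaddress.IPv4Network(spec, strict=False)


def parse_allownet(stmt):
    """Return {'protocol', 'netif', 'node', 'permission'} for one statement."""
    stmt = stmt.strip()
    if not stmt.endswith(";"):
        raise ValueError("statement must end with ';'")
    tokens = stmt[:-1].split()
    if len(tokens) < 4 or tokens[0] != "allownet":
        raise ValueError(f"not an allownet statement: {stmt!r}")
    perms = set(_csv(tokens[-1]))
    if not perms <= PERMISSIONS:
        raise ValueError(f"unknown permission in {tokens[-1]!r}")
    rule = {"protocol": set(), "netif": [], "node": [], "permission": perms}
    opts = tokens[1:-1]
    if len(opts) % 2:
        raise ValueError(f"option without value in {stmt!r}")
    for flag, value in zip(opts[::2], opts[1::2]):
        if flag == "-protocol":
            protos = set(_csv(value))
            if not protos <= PROTOCOLS:
                raise ValueError(f"unknown protocol in {value!r}")
            rule["protocol"] = protos
        elif flag == "-netif":
            rule["netif"] = _csv(value)
        elif flag == "-node":
            rule["node"] = [_parse_node(n) for n in _csv(value)]
        else:
            # -port and similar forms are documented elsewhere; not handled here.
            raise ValueError(f"unsupported option {flag!r}")
    if not rule["netif"] and not rule["node"]:
        raise ValueError("statement needs -netif or -node")
    return rule


def lint_policy(text):
    """Parse every allownet line of a policy body; return (rules, errors)."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("allownet"):
            continue  # 'domain', braces and other statements are not checked
        try:
            rules.append(parse_allownet(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return rules, errors


def node_allows(rules, protocol, address, permission):
    """True if some -node rule grants `permission` for `protocol` to `address`."""
    ip = ipaddress.IPv4Address(address)
    for rule in rules:
        if permission not in rule["permission"]:
            continue
        # Assumption: a rule with no -protocol restricts no protocol.
        if rule["protocol"] and not (rule["protocol"] & {protocol, "*"}):
            continue
        if any(ip in net for net in rule["node"]):
            return True
    return False


# Constructed sample policy (not from the manual). Line 4 carries a typo;
# line 6 grants access to a whole /8, which the checker makes visible.
SAMPLE_POLICY = """\
{
domain httpd_t;
allownet -protocol tcp -netif eth0 send,recv;
allownet -protocol tpc -netif lo send;
allownet -protocol udp -node 192.168.0.1/255.255.255.0 recv;
allownet -protocol tcp -node 10.0.0.1/255.0.0.0 send;
}"""

if __name__ == "__main__":
    parsed, problems = lint_policy(SAMPLE_POLICY)
    for problem in problems:
        print(problem)
    for r in parsed:
        print(sorted(r["protocol"]), r["netif"], [str(n) for n in r["node"]], sorted(r["permission"]))
    print(node_allows(parsed, "tcp", "10.200.1.1", "send"))
```

Running the script prints the typo on line 4 and shows that the /8 rule lets httpd_t send TCP to any 10.x.x.x address, which is the kind of over-broad grant worth catching before a policy is loaded.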