Firewall rules using SELinux context (Was Re: RFE: FireKit)
Glen Turner
gdt at gdt.id.au
Mon Jul 27 08:23:43 UTC 2009
On 25/07/09 07:14, Simo Sorce wrote:
> What's the value of labeling packets based on source/destination ports ?
> Doesn't seem to add any new information.
Indeed.
Security marking can add an additional IP header, so that a multilevel
operating system on one machine can pass those multiple levels of data
across an intervening network.
--
Glen Turner
More information about the fedora-devel-list
mailing list