[Shorewall-users] SECMARK and CONNSECMARK support in Shorewall

As part of the security policy I am writing I need to use the above 2
options with iptables, but I am not sure whether they are supported in
Shorewall.

Typically, I will add secure context marking to ip packets with the
following statement:

iptables -t mangle -A INPUT -p tcp --dst 127.0.0.1 --dport 3306 -j
SECMARK --selctx system_u:object_r:mysqld_t:s0

This marks all packets to 127.0.0.1:3306 to be market with the
'system_u:object_r:mysqld_t:s0' SELinux context. Does Shorewall provide
a better way of handling this as I am not very keen on writing 'raw'
statements and maintenance will be an absolute nightmare? Thanks in advance!

------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

• This message: [ Message body ]
• Next message: Tom Eastep: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"
• Previous message: peasthope_at_nospam: "[Shorewall-users] Re (3): names of interfaces"
• Next in thread: Tom Eastep: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"
• Reply: Tom Eastep: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"
• Maybe reply: Mr Dash Four: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"
• Maybe reply: Mr Dash Four: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"
• Maybe reply: Tom Eastep: "Re: [Shorewall-users] SECMARK and CONNSECMARK support in Shorewall"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]