This shows you the differences between two versions of the page.
Next revision | Previous revision Last revision Both sides next revision | ||
wiki:experiences:igraltist:jail_shorewall [2008/07/14 02:16] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:jail_shorewall [2008/07/14 04:32] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 14: | Line 14: | ||
allow-all-net-family | allow-all-net-family | ||
allow-inet-raw | allow-inet-raw | ||
- | allow-ipc-syslog) | + | allow-ipc-syslog |
+ | allow-ipc-parent) | ||
(net-admin | (net-admin | ||
sys-resource | sys-resource | ||
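Review bot: allow-ipc-parent is added to the flag list at the old closing line "allow-ipc-syslog)" with no reason given for why shorewall needs IPC with its parent process. Each allow-* flag widens what the jailed process may do, so note next to it what failed without the flag. That lets a later reader judge whether it is still required or can be dropped again.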
Line 25: | Line 26: | ||
sysctl | sysctl | ||
rlimit) | rlimit) | ||
+ | |||
+ | |||
+ | add this to the shorewall initscript | ||
+ | |||
+ | run-jail shorewall /sbin/shorewall -f start | ||
+ | |||
+ | or | ||
rsbac_jail -d -D -e -n -r -y -C NET_ADMIN SYS_RESOURCE SETUID SETGID NET_RAW -G firewall -M firewall net_id sysctl rlimit /sbin/shorewall -f start | rsbac_jail -d -D -e -n -r -y -C NET_ADMIN SYS_RESOURCE SETUID SETGID NET_RAW -G firewall -M firewall net_id sysctl rlimit /sbin/shorewall -f start |
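Review bot: the explicit rsbac_jail command after "or" is identical in both revisions, while the flag list earlier in this diff gained allow-ipc-parent, so the two alternatives may no longer describe the same jail. Confirm that the command line carries the matching option, or state that it differs from the run-jail form. The added line "add this to the shorewall initscript" should also say which call in the initscript it replaces, and the two commands would read better as preformatted text than as running prose.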