This shows you the differences between two versions of the page.
Previous revision: wiki:experiences:igraltist:jail_shorewall [2008/07/14 02:18] 127.0.0.1 (old revision restored)
Current revision: wiki:experiences:igraltist:jail_shorewall [2008/07/14 04:36] 127.0.0.1 (old revision restored)
Line 1: | Line 1: | ||
- | | + | <code bash> |
- | ; | + | ; |
- | ; RSBAC JAIL definition for shorewall | + | ; RSBAC JAIL definition for shorewall |
- | ; 20080707 | + | ; 20080707 |
- | ; | + | ; |
- | ; Tested by: | + | ; Tested by: |
- | ; igraltist on gentoo | + | ; igraltist on gentoo |
- | ; | + | ; |
- | "" | + | "" |
- | "0.0.0.0" | + | "0.0.0.0" |
- | (allow-dev-read | + | (allow-dev-read |
- | allow-dev-write | + | allow-dev-write |
- | allow-dev-get-status | + | allow-dev-get-status |
- | allow-all-net-family | + | allow-all-net-family |
- | allow-inet-raw | + | allow-inet-raw |
- | allow-ipc-syslog) | + | allow-ipc-syslog |
- | (net-admin | + | allow-ipc-parent) |
- | sys-resource | + | (net-admin |
- | setuid | + | sys-resource |
- | setgid | + | setuid |
- | net-raw) | + | setgid |
- | (firewall) | + | net-raw) |
- | (firewall | + | (firewall) |
- | net-id | + | (firewall |
- | sysctl | + | net-id |
- | rlimit) | + | sysctl |
+ | rlimit) | ||
+ | </code> | ||
add this to the shorewall initscript | add this to the shorewall initscript | ||
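Review bot: the new `allow-ipc-parent` entry in the first flag list widens what the jailed shorewall process may do (one more restriction lifted), but nothing in the definition says why it is needed, and the header comment still reads `; 20080707` although this revision is from 2008/07/14. Suggest a dated comment beside the new flag so the change is traceable, e.g. `; 20080714: allow-ipc-parent added`, and a one-line reason if the author knows it. Minor style point: the block is now wrapped in `<code bash>`, but the content (`;` comments and parenthesised flag lists) is a JAIL definition, not shell syntax, so a plain `<code>` block would avoid misleading highlighting.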
Line 32: | Line 33: | ||
or | or | ||
- | + | <code bash> | |
- | rsbac_jail -d -D -e -n -r -y -C NET_ADMIN SYS_RESOURCE SETUID SETGID NET_RAW -G firewall -M firewall net_id sysctl rlimit /sbin/shorewall -f start | + | rsbac_jail -d -D -e -n -r -y -P -C NET_ADMIN SYS_RESOURCE SETUID SETGID NET_RAW -G firewall -M firewall net_id sysctl rlimit /sbin/shorewall -f start |
+ | </code> | ||
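Review bot: the added `-P` switch is not explained anywhere on the page, so a reader cannot tell that it appears to be the command-line counterpart of the `allow-ipc-parent` flag added to the definition in the first hunk (the six original switches `-d -D -e -n -r -y` appear to line up with the six original `allow-*` entries, and the `-C` capability list and the `-G firewall -M firewall net_id sysctl rlimit` arguments match the definition's capability and module lists). Suggest one sentence after `or` stating that the definition and the `rsbac_jail` command are meant to be equivalent and that `-P` and `allow-ipc-parent` must be added or removed together, otherwise the two forms on this page will drift apart at the next edit.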