[rsbac] restricting network access

Andreas Baetz lac01 at web.de
Wed Dec 17 13:23:25 CET 2003


On Wednesday 17 December 2003 12:23, Amon Ott wrote:
> On Wednesday, 17 December 2003 09:00, Andreas Baetz wrote:
> > When I enter a URL into the browser, it does not work, and there comes a
> > logging entry like:
> > Dec 17 08:45:16 kernel: rsbac_adf_request(): request SEND, pid 14793, ppid
> > 14791, prog_name MozillaFirebird, uid xxx, target_type NETOBJ, tid dfd77e34
> > INET DGRAM proto UDP local eth0:(local_address):34976 remote
> > (DNS-Server):13568, attr , value 0, result NOT_GRANTED by RC
> >
> > Why is that? What does it do with port 13568 of the dns server?
> > If I open General_NETOBJ and sniff the network, it works and there is
> > only UDP traffic to port 53 of the dns Server.
>
> Which kernel version is this? Does the remote port change, or is it
> constant?

kernel is 2.4.22 with patch-2.4.22-v1.2.2
rsbac is 1.2.2

I closed the browser and restarted it several times, it seems the local and remote ports stay the same.
However, compared to my previous post, the local port is different while the remote port is the same.
No packet is recorded by a network sniffer.

If I disable the "udp_53" permission, the request is logged correctly:

Dec 17 13:20:48 kernel: rsbac_adf_request(): request CONNECT, pid 22823, ppid 22821, 
prog_name MozillaFirebird, uid xxx, target_type NETOBJ, tid d0fdae34 INET DGRAM 
proto UDP local 0.0.0.0:0 remote (DNS Server):53, attr , value 0, result NOT_GRANTED by RC


Andreas
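The two log lines in this thread show the same DNS traffic once with remote port 13568 and once with port 53; 13568 is 0x3500, which is 53 (0x0035) with its two bytes swapped. The C program below is an added example, not code from the thread or from RSBAC, and the byte-order explanation is only a hypothesis for this report: it decodes a constructed UDP destination-port field both correctly and without the network-to-host conversion, shows how a single-port rule like udp_53 reacts to each value, and includes a triage check for denials whose port is a byte-swapped version of the permitted one.

```c
#include <stdint.h>
#include <stdio.h>

/* Destination-port field of a UDP header for a DNS query, as the bytes sit
 * on the wire: big-endian 0x0035 = 53 (constructed sample, not a capture). */
static const uint8_t sample_dst_port[2] = { 0x00, 0x35 };

/* Correct decoding: treat the field as network (big-endian) byte order. */
uint16_t port_from_wire(const uint8_t b[2]) {
    return (uint16_t)((b[0] << 8) | b[1]);
}

/* Defective decoding: the two bytes read as a little-endian integer, which
 * is what an x86 kernel sees if the ntohs() step is skipped. */
uint16_t port_from_wire_unconverted(const uint8_t b[2]) {
    return (uint16_t)(b[0] | (b[1] << 8));
}

/* Portable 16-bit byte swap: the exact difference between the two decodings. */
uint16_t swap16(uint16_t v) {
    return (uint16_t)((v << 8) | (v >> 8));
}

/* Emulates one NETOBJ-style rule that permits a single remote UDP port. */
int rule_allows(uint16_t allowed_port, uint16_t observed_port) {
    return allowed_port == observed_port;
}

/* Triage helper: a denied port that is exactly the permitted port with its
 * bytes swapped is a strong hint of a byte-order mismatch, not a policy gap. */
int denial_looks_byte_swapped(uint16_t denied_port, uint16_t allowed_port) {
    return denied_port != allowed_port && swap16(denied_port) == allowed_port;
}

int main(void) {
    uint16_t good = port_from_wire(sample_dst_port);
    uint16_t bad  = port_from_wire_unconverted(sample_dst_port);

    printf("decoded correctly:   %5u -> rule udp_53 %s\n", good,
           rule_allows(53, good) ? "GRANTED" : "NOT_GRANTED");
    printf("decoded unconverted: %5u -> rule udp_53 %s\n", bad,
           rule_allows(53, bad) ? "GRANTED" : "NOT_GRANTED");
    if (denial_looks_byte_swapped(bad, 53))
        printf("%u is 53 with its bytes swapped: suspect a missing ntohs()\n", bad);
    return 0;
}
```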
