[rsbac] restricting network access
Amon Ott
ao at rsbac.org
Wed Dec 17 14:33:20 CET 2003
On Wednesday, 17 December 2003 13:23, Andreas Baetz wrote:
> kernel is 2.4.22 with patch-2.4.22-v1.2.2
> rsbac is 1.2.2
>
> I closed the browser and restarted it several times, it seems the local and
> remote ports stay the same.
> However, compared to my previous post, the local port is different while the
> remote port is the same.
> No packet is recorded by a network sniffer.
>
> If I disable the "udp_53" permission, the request is logged correctly:
>
> Dec 17 13:20:48 kernel: rsbac_adf_request(): request CONNECT, pid 22823,
> ppid 22821, prog_name MozillaFirebird, uid xxx, target_type NETOBJ,
> tid d0fdae34 INET DGRAM proto UDP local 0.0.0.0:0 remote (DNS Server):53,
> attr , value 0, result NOT_GRANTED by RC
With TCP, the case would be clear: On accept at remote, a new port gets
assigned for the connection to free port 53 for other connections.
Since there is a CONNECT, it seems that the UDP socket gets pre-connected and
thus also gets a new remote port. This means that you would have to allow
SEND to (and RECEIVE from) high (>1023) UDP ports on the name server.
You could also try in softmode to get the whole picture.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
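To see what a pre-connected UDP socket looks like to an access-control hook, here is a small added experiment (not code from this thread or from RSBAC) that uses a loopback UDP "name server" on a kernel-chosen port as a stand-in for port 53: connect() on a datagram socket sends no packet, autobinds the client's local port, and pins the peer address; the later send()/recv() calls are what the SEND and RECEIVE requests would see.

```python
import socket


def probe_connected_udp():
    """Constructed experiment: a UDP server on 127.0.0.1 (port chosen by
    the kernel) and a client that connect()s to it the way a resolver
    library does before sending its DNS query.  Returns the addresses
    observed at each step so the effect of the pre-connect is visible."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(2)
    server.bind(("127.0.0.1", 0))          # stand-in for the name server
    server_port = server.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    # Before connect() the socket is unbound: this is the "local 0.0.0.0:0"
    # that shows up in the CONNECT log line above.
    local_before = client.getsockname()

    # connect() on UDP transmits nothing (hence no sniffer hit); the kernel
    # autobinds an ephemeral local port and fixes the peer to server:port.
    client.connect(("127.0.0.1", server_port))
    local_after = client.getsockname()
    peer = client.getpeername()

    # SEND request: the datagram leaves from the ephemeral local port and
    # arrives at the server's port (the "53" in the real case).
    client.send(b"\x12\x34")               # constructed 2-byte payload
    data, seen_from = server.recvfrom(512)

    # RECEIVE request: the reply comes back from server:port to the
    # ephemeral local port the kernel picked for the client.
    server.sendto(b"\x12\x34\x81\x80", seen_from)
    reply = client.recv(512)

    client.close()
    server.close()
    return {
        "server_port": server_port,
        "local_port_before": local_before[1],
        "local_port_after": local_after[1],
        "peer_port": peer[1],
        "server_saw_client_port": seen_from[1],
        "query": data,
        "reply": reply,
    }
```

The `local_port_after` value is the high (>1023) ephemeral port on the client side, while the peer port stays the server's port for both the send and the receive.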