[rsbac] restricting network access

Amon Ott ao at rsbac.org
Wed Dec 17 14:33:20 CET 2003

On Mittwoch, 17. Dezember 2003 13:23, Andreas Baetz wrote:
> kernel is 2.4.22 with patch-2.4.22-v1.2.2
> rsbac is 1.2.2
> I closed the browser and restarted it several times, it seems the local and 
remote ports stay the same.
> However, compared to my previous post, the local port is different while the 
remote port is the same.
> No packet is recorded by a network sniffer.
> If I disable the "udp_53" permission, the request is logged correctly:
> Dec 17 13:20:48 kernel: rsbac_adf_request(): request CONNECT, pid 22823, 
ppid 22821, 
> prog_name MozillaFirebird, uid xxx, target_type NETOBJ, tid d0fdae34 INET 
> proto UDP local remote (DNS Server):53, attr , value 0, result 

With TCP, the case would be clear: On accept at remote, a new port gets 
assigned for the connection to free port 53 for other connections.

Since there is a CONNECT, it seems that the UDP socket gets pre-connected and 
thus also gets a new remote port. This means that you would have to allow 
SEND to (and RECEIVE from) high (>1023) UDP ports on the name server.

You could also try in softmode to get the whole picture.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list