[rsbac] rsbac + iptables

Amon Ott ao at rsbac.org
Wed Apr 13 10:14:28 CEST 2005


On Wednesday 13 April 2005 10:03, Andrea Pasquinucci wrote:
> I would like to ask how to protect the iptables firewall rules from
> root. The way I do it is to allow the Role BOOT to use /sbin/iptables
> and /lib/iptables/*.so but to deny the use of these to anybody else.
> In this way, at boot the rules are inserted and then nobody can use
> /sbin/iptables anymore.
> 
> This is not satisfactory in my opinion, since root could install a
> new version of iptables in /tmp and use it from there. Is there a way
> of blocking the iptables rules in the kernel? How? (Am I missing
> something silly?) Thanks,

All IPv4 firewall changes are protected as SCD target firewall. If any 
change is not intercepted, please report this as a bug. :)

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

