On Tue, 15 May 2001, Chris Wright wrote:

> > > /etc/very/secret open. I'd like to be able to support tcp connect/accept
> > > and udp send/recv to/from host:port via device (howz that for non-sense? ;-)
> >
> > Sounds like a lot of code ;-) I wonder if Linux can be persuaded to create
> > "clone devices" (I don't think the existing aliases will be sufficient).
> > Then, mark the clone device as trusted, and firewall the cloned device
> > such that it only sends on 22/tcp.
> >
> > Bingo, you've re-used Linux's powerful network/firewall code, and as a
> > bonus wrote a hell of a lot less code yourself. Also, you just hook at the
> > device level rather than all over the network stack/firewall etc.
>
> I ran into some problems using the firewall code directly (in 2.2). First
> and foremost...all inbound packet filtering happens on the bottom half. This
[...]

Sorry for the confusion, I was actually suggesting re-using the firewall
stuff at the _userspace_ level not the kernel level.

Chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 14:28:27 PDT