On Fri, 12 Jul 2002 15:08:29 +1000, James Morris said: > Note that there is some coverage of IPv6 (and all socket-based protocols) > via the socket hooks. Thanks for the reminder there. Actually reading the code, and comparing it to what's shown up on our needs list, the struct socket_security_ops pointers suffice for our needs - we *do* care if userid X is trying to do a connect() or accept() to an unapproved destination, but don't need much intervention in the input/output/forward stuff beyond what we already do with the command-line iptables. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 06:08:52 PDT