On Wed, 14 Aug 2002 01:14, lists brk wrote:
> So what kind of access control does LSM envision? (what
> can preroute_first or preroute_last etc. do?)
>
> Can this access control be based on the header field
> values of the IPv4 packets?
>
> If it is possible to perform access control based on
> header field values of the IPv4 packets, then is there
> any need for Netfilter?
>
> I don't know if these questions make any sense.
> Thanks in advance for any replies.

LSM merely allows intercepting kernel operations, it's up to the security manager (SE Linux, OpenWall, LIDS, DTE, whatever) to decide what has to be done for a packet to be passed.

So I guess you could write an LSM module that does everything that NetFilter does. But why would you want to? NetFilter is very capable, it's in wide use (so it's easy to find people who know how to use it), and by all accounts its speed is reasonably good. Why would you want to reinvent the wheel?

Russell Coker
This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 17:09:25 PDT