60 lines
1.7 KiB
Plaintext
60 lines
1.7 KiB
Plaintext
# This file contains the rules for the Netlabel subsystem, for more information
|
|
# please see the netlabelctl(1) man page.
|
|
#
|
|
# Each line contains just the arguments to the netlabel command
|
|
|
|
####
|
|
# NOTE: By default the kernel sends unlabeled traffic and allows unlabled
|
|
# traffic into the system, to disable that add the following two lines to
|
|
# the beginning of your configuration. However, be warned that you
|
|
# should only change these settings if you know what you are doing as you
|
|
# could accidently disable networking with a bad configuration.
|
|
#
|
|
|
|
# Remove the default domain mapping
|
|
#map del default
|
|
|
|
# Do not accept incoming unlabeled packets
|
|
#unlbl accept off
|
|
|
|
####
|
|
# Unlabeled examples:
|
|
#
|
|
|
|
# Enable unlabeled packets
|
|
#unlbl accept on
|
|
|
|
# Disable unlabeled packets
|
|
#unlbl accept off
|
|
|
|
|
|
####
|
|
# CIPSOv4 examples:
|
|
#
|
|
|
|
# Create a CIPSOv4 DOI definition using a pass-through mapping with a DOI
|
|
# value of 6 and the restricted bitmap tag (CIPSOv4 tag type #1)
|
|
#cipsov4 add pass doi:6 tags:1
|
|
|
|
# Create a CIPSOv4 DOI definition using a standard mapping with a DOI value
|
|
# of 8 and the restricted bitmap tag (CIPSOv4 tag type #1). The example
|
|
# below maps MLS sensitivity levels and categories 0 through 2 to the same
|
|
# values for both CIPSO and the Linux LSM
|
|
#cipsov4 add std doi:8 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
|
|
|
|
|
|
####
|
|
# LSM mapping examples:
|
|
#
|
|
|
|
# Create a default mapping for all LSM domains using the unlabeled protocol
|
|
#map add default protocol:unlbl
|
|
|
|
# Create a default mapping for all LSM domains using the CIPSOv4 protocol
|
|
# with DOI number 6
|
|
#map add default protocol:cipsov4,6
|
|
|
|
# Create a mapping for the "secret_t" LSM domain and the CIPSOv4 protocol
|
|
# with DOI number 8
|
|
#map add domain:secret_t protocol:cipsov4,8
|