From 46e16a2d2a2b2ead53ef959795c6cb5cac227978 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 13 Apr 2010 11:55:04 -0400
Subject: [PATCH] Use port range notation in corenetwork where it makes sense.
---
 policy/modules/kernel/corenetwork.te.in | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 04f3dc7e..48baaa19 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -70,10 +70,10 @@ network_port(afs_ka, udp,7004,s0)
 network_port(afs_pt, udp,7002,s0)
 network_port(afs_vl, udp,7003,s0)
 network_port(agentx, udp,705,s0, tcp,705,s0)
-network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0)
+network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
 network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
-network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
+network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0)
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
 network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
@@ -84,7 +84,7 @@ network_port(certmaster, tcp,51235,s0)
 network_port(chronyd, udp,323,s0)
 network_port(clamd, tcp,3310,s0)
 network_port(clockspeed, udp,4041,s0)
-network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
+network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
 network_port(cobbler, tcp,25151,s0)
 network_port(comsat, udp,512,s0)
 network_port(cvs, tcp,2401,s0, udp,2401,s0)
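Review bot: The new amanda entry in the first hunk is not a pure notation change. The old line labelled only udp 10080 and 10081, but `udp,10080-10082,s0` also puts udp 10082 under the amanda port type, so every domain allowed to use that type over UDP gains one more port. If the widening is not intended, the UDP part should read `udp,10080-10081,s0`; if it is, the commit message should say so, since the subject describes a notation-only cleanup. The aol rewrite in the same hunk and the cluster rewrite in the next one cover exactly the ports the old lines listed.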
@@ -140,8 +140,7 @@ network_port(monopd, tcp,1234,s0)
 network_port(msnp, tcp,1863,s0, udp,1863,s0)
 network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0)
 network_port(munin, tcp,4949,s0, udp,4949,s0)
-network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
-portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
+network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63163,s0)
 network_port(mysqlmanagerd, tcp,2273,s0)
 network_port(nessus, tcp,1241,s0)
 network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
@@ -194,7 +193,7 @@ network_port(syslogd, udp,514,s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
 network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
-network_port(traceroute, udp,64000,s0, udp,64001,s0, udp,64002,s0, udp,64003,s0, udp,64004,s0, udp,64005,s0, udp,64006,s0, udp,64007,s0, udp,64008,s0, udp,64009,s0, udp,64010,s0)
+network_port(traceroute, udp,64000-64010,s0)
 network_port(transproxy, tcp,8081,s0)
 network_port(ups, tcp,3493,s0)
 type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
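Review bot: The mysqld line now passes a range through `network_port()` where the old code used a raw `portcon tcp 63132-63163` statement, so the resulting labelling depends on how the macro handles a `start-end` argument, and the macro definition is not part of this patch. It is worth confirming that the macro emits a single `portcon` for the whole range. Any numeric test it applies to the port argument (for instance a below-1024 reserved-port classification) should look at the range start instead of evaluating `63132-63163` as a subtraction. The same check covers every range introduced in the other hunks.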
@@ -208,8 +207,8 @@ network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
 network_port(xdmcp, udp,177,s0, tcp,177,s0)
 network_port(xen, tcp,8002,s0)
 network_port(xfs, tcp,7100,s0)
-network_port(xserver, tcp, 6000, s0, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, tcp,6017,s0, tcp,6018,s0, tcp,6019,s0, tcp,6020,s0)
-network_port(zebra, tcp,2600,s0, tcp,2601,s0, tcp,2602,s0, tcp,2603,s0, tcp,2604,s0, tcp,2606,s0, udp,2600,s0, udp,2601,s0, udp,2602,s0, udp,2603,s0, udp,2604,s0, udp,2606,s0)
+network_port(xserver, tcp,6000-6020,s0)
+network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
 network_port(zope, tcp,8021,s0)
 
 # Defaults for reserved ports. Earlier portcon entries take precedence;
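Review bot: The zebra ranges stop at 2604 and list 2606 separately, which correctly keeps 2605 out of the zebra type as the old line did, but nothing on the line says the gap is deliberate. A later cleanup could easily merge it into `2600-2606` and silently relabel 2605, so I would add a comment above the line, e.g. `# 2605 is intentionally not a zebra port; do not merge into 2600-2606`. The xserver range `tcp,6000-6020,s0` matches the 21 ports previously listed.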