#
# Authors: Stephen Smalley and Timothy Fraser
#
# Modified by Reino Wallin
# Multi NIC, and IPSEC features
# Modified by Russell Coker
# Move port types to their respective domains, add ifdefs, other cleanups.
#
# Purpose: declares the SELinux types used to label network ports,
# network interfaces and network nodes, plus a small number of allow
# rules (web client connects, kernel-generated traffic).
#
# This file only declares the type names. The binding of a concrete port
# number, interface or address to one of these types is done in
# net_contexts or net_contexts.mls, so a type declared here has no effect
# on labelling until it is also referenced there.
#
# NOTE(review): reserved_port_type presumably marks types assigned to
# ports in the reserved (privileged) range so that access can be
# restricted by attribute; the attribute is not defined in this file.
# Confirm against its definition, and check that every type tagged with
# it below is mapped only to reserved ports in net_contexts.
#

type xserver_port_t, port_type;

#
# Defines used by the te files need to be defined outside of net_constraints
#
type rsh_port_t, port_type, reserved_port_type;
type dns_port_t, port_type, reserved_port_type;
type smtp_port_t, port_type, reserved_port_type;
type dhcpd_port_t, port_type, reserved_port_type;
type smbd_port_t, port_type, reserved_port_type;
type nmbd_port_t, port_type, reserved_port_type;
type http_cache_port_t, port_type;
type http_port_t, port_type, reserved_port_type;
type ipp_port_t, port_type, reserved_port_type;
type gopher_port_t, port_type, reserved_port_type;
type isakmp_port_t, port_type, reserved_port_type;

# Grants the tcp_socket name_connect permission on ports labelled
# http_cache_port_t or http_port_t to web_client_domain, i.e. outbound
# TCP connects to those ports.
# NOTE(review): web_client_domain is not declared in this file; it is
# presumably an attribute defined elsewhere, in which case every domain
# carrying it inherits this rule. Verify the membership of that
# attribute when auditing which domains may reach web ports.
allow web_client_domain { http_cache_port_t http_port_t }:tcp_socket name_connect;

type pop_port_t, port_type, reserved_port_type;
type ftp_port_t, port_type, reserved_port_type;
type ftp_data_port_t, port_type, reserved_port_type;

############################################
#
# Network types
#

#
# mail_port_t is for generic mail ports shared by different mail servers
#
type mail_port_t, port_type;

#
# Ports used to communicate with kerberos server
#
type kerberos_port_t, port_type, reserved_port_type;
type kerberos_admin_port_t, port_type, reserved_port_type;

#
# Ports used to communicate with portmap server
#
type portmap_port_t, port_type, reserved_port_type;

#
# Ports used to communicate with ldap server
#
type ldap_port_t, port_type, reserved_port_type;

#
# port_t is the default type of INET port numbers.
# The *_port_t types are used for specific port
# numbers in net_contexts or net_contexts.mls.
#
type port_t, port_type;

# reserved_port_t is the default type for INET reserved ports
# that are not otherwise mapped to a specific port type.
# NOTE(review): unlike the service-specific reserved port types in this
# file, reserved_port_t is declared with port_type only and without the
# reserved_port_type attribute, so a rule written against that attribute
# would not cover it. Confirm this is intended.
type reserved_port_t, port_type;

#
# netif_t is the default type of network interfaces.
# The netif_*_t types are used for specific network
# interfaces in net_contexts or net_contexts.mls.
#
type netif_t, netif_type;
type netif_lo_t, netif_type;

#
# node_t is the default type of network nodes.
# The node_*_t types are used for specific network
# nodes in net_contexts or net_contexts.mls.
#
type node_t, node_type;
type node_lo_t, node_type;
type node_internal_t, node_type;
type node_inaddr_any_t, node_type;
type node_unspec_t, node_type;
type node_link_local_t, node_type;
type node_site_local_t, node_type;
type node_multicast_t, node_type;
type node_mapped_ipv4_t, node_type;
type node_compat_ipv4_t, node_type;

# The four kernel_t rules below are written against the netif_type and
# node_type attributes rather than individual types, so they apply to
# every interface and node type declared with those attributes,
# including any type added to this policy later.

# Kernel-generated traffic, e.g. ICMP replies.
allow kernel_t netif_type:netif { rawip_send rawip_recv };
allow kernel_t node_type:node { rawip_send rawip_recv };

# Kernel-generated traffic, e.g. TCP resets.
allow kernel_t netif_type:netif { tcp_send tcp_recv };
allow kernel_t node_type:node { tcp_send tcp_recv };

# Service-specific port types. Entries carrying reserved_port_type and
# entries carrying only port_type are interleaved here; the attribute
# list on each line is the only thing that distinguishes them.
type radius_port_t, port_type;
type radacct_port_t, port_type;
type rndc_port_t, port_type, reserved_port_type;
type tftp_port_t, port_type, reserved_port_type;
type printer_port_t, port_type, reserved_port_type;
type mysqld_port_t, port_type;
type postgresql_port_t, port_type;
type ptal_port_t, port_type;
type howl_port_t, port_type;
type dict_port_t, port_type;
type syslogd_port_t, port_type, reserved_port_type;
type spamd_port_t, port_type, reserved_port_type;
type ssh_port_t, port_type, reserved_port_type;
type pxe_port_t, port_type;
type amanda_port_t, port_type;
type fingerd_port_t, port_type, reserved_port_type;
type dhcpc_port_t, port_type, reserved_port_type;
type ntp_port_t, port_type, reserved_port_type;
type stunnel_port_t, port_type;
type zebra_port_t, port_type;
type i18n_input_port_t, port_type;
type vnc_port_t, port_type;
type pegasus_http_port_t, port_type;
type pegasus_https_port_t, port_type;
type openvpn_port_t, port_type;
type clamd_port_t, port_type;
type transproxy_port_t, port_type;
type clockspeed_port_t, port_type;
type pyzor_port_t, port_type;
type postgrey_port_t, port_type;
type asterisk_port_t, port_type;
type utcpserver_port_t, port_type;
type nessus_port_t, port_type;
type razor_port_t, port_type;
type distccd_port_t, port_type;
type socks_port_t, port_type;
type gatekeeper_port_t, port_type;
type dcc_port_t, port_type;
type lrrd_port_t, port_type;
type jabber_client_port_t, port_type;
type jabber_interserver_port_t, port_type;
type ircd_port_t, port_type;
type giftd_port_t, port_type;
type soundd_port_t, port_type;
type imaze_port_t, port_type;
type monopd_port_t, port_type;

# Differentiate between the port where amavisd receives mail, and the
# port where it returns cleaned mail back to the MTA.
type amavisd_recv_port_t, port_type;
type amavisd_send_port_t, port_type;

type innd_port_t, port_type, reserved_port_type;
type snmp_port_t, port_type, reserved_port_type;
type biff_port_t, port_type, reserved_port_type;
type hplip_port_t, port_type;

#inetd_child_ports
type rlogind_port_t, port_type, reserved_port_type;
type telnetd_port_t, port_type, reserved_port_type;
type comsat_port_t, port_type, reserved_port_type;
type cvs_port_t, port_type;
type dbskkd_port_t, port_type;
type inetd_child_port_t, port_type, reserved_port_type;
type ktalkd_port_t, port_type, reserved_port_type;
type rsync_port_t, port_type, reserved_port_type;
type uucpd_port_t, port_type, reserved_port_type;
type swat_port_t, port_type, reserved_port_type;
type zope_port_t, port_type;
type auth_port_t, port_type, reserved_port_type;

# afs ports
type afs_fs_port_t, port_type;
type afs_pt_port_t, port_type;
type afs_vl_port_t, port_type;
type afs_ka_port_t, port_type;
type afs_bos_port_t, port_type;