177 lines
5.7 KiB
Plaintext
177 lines
5.7 KiB
Plaintext
#
|
|
# Authors: Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
|
|
#
|
|
|
|
# Modified by Reino Wallin <reino@oribium.com>
|
|
# Multi NIC, and IPSEC features
|
|
|
|
# Modified by Russell Coker
|
|
# Move port types to their respective domains, add ifdefs, other cleanups.
|
|
|
|
type xserver_port_t, port_type;
|
|
#
|
|
# Defines used by the te files need to be defined outside of net_constraints
|
|
#
|
|
type rsh_port_t, port_type, reserved_port_type;
|
|
type dns_port_t, port_type, reserved_port_type;
|
|
type smtp_port_t, port_type, reserved_port_type;
|
|
type dhcpd_port_t, port_type, reserved_port_type;
|
|
type smbd_port_t, port_type, reserved_port_type;
|
|
type nmbd_port_t, port_type, reserved_port_type;
|
|
type http_cache_port_t, port_type, reserved_port_type;
|
|
type http_port_t, port_type, reserved_port_type;
|
|
type ipp_port_t, port_type, reserved_port_type;
|
|
type gopher_port_t, port_type, reserved_port_type;
|
|
type isakmp_port_t, port_type, reserved_port_type;
|
|
|
|
allow web_client_domain { http_cache_port_t http_port_t }:tcp_socket name_connect;
|
|
type pop_port_t, port_type, reserved_port_type;
|
|
|
|
type ftp_port_t, port_type, reserved_port_type;
|
|
type ftp_data_port_t, port_type, reserved_port_type;
|
|
|
|
############################################
|
|
#
|
|
# Network types
|
|
#
|
|
|
|
#
|
|
# mail_port_t is for generic mail ports shared by different mail servers
|
|
#
|
|
type mail_port_t, port_type;
|
|
|
|
#
|
|
# Ports used to communicate with kerberos server
|
|
#
|
|
type kerberos_port_t, port_type, reserved_port_type;
|
|
type kerberos_admin_port_t, port_type, reserved_port_type;
|
|
type kerberos_master_port_t, port_type;
|
|
|
|
#
|
|
# Ports used to communicate with portmap server
|
|
#
|
|
type portmap_port_t, port_type, reserved_port_type;
|
|
|
|
#
|
|
# Ports used to communicate with ldap server
|
|
#
|
|
type ldap_port_t, port_type, reserved_port_type;
|
|
|
|
#
|
|
# port_t is the default type of INET port numbers.
|
|
# The *_port_t types are used for specific port
|
|
# numbers in net_contexts or net_contexts.mls.
|
|
#
|
|
type port_t, port_type;
|
|
|
|
# reserved_port_t is the default type for INET reserved ports
|
|
# that are not otherwise mapped to a specific port type.
|
|
type reserved_port_t, port_type;
|
|
|
|
#
|
|
# netif_t is the default type of network interfaces.
|
|
# The netif_*_t types are used for specific network
|
|
# interfaces in net_contexts or net_contexts.mls.
|
|
#
|
|
type netif_t, netif_type;
|
|
|
|
#
|
|
# node_t is the default type of network nodes.
|
|
# The node_*_t types are used for specific network
|
|
# nodes in net_contexts or net_contexts.mls.
|
|
#
|
|
type node_t, node_type;
|
|
type node_lo_t, node_type;
|
|
type node_internal_t, node_type;
|
|
type node_inaddr_any_t, node_type;
|
|
type node_unspec_t, node_type;
|
|
type node_link_local_t, node_type;
|
|
type node_site_local_t, node_type;
|
|
type node_multicast_t, node_type;
|
|
type node_mapped_ipv4_t, node_type;
|
|
type node_compat_ipv4_t, node_type;
|
|
|
|
# Kernel-generated traffic, e.g. ICMP replies.
|
|
allow kernel_t netif_type:netif { rawip_send rawip_recv };
|
|
allow kernel_t node_type:node { rawip_send rawip_recv };
|
|
|
|
# Kernel-generated traffic, e.g. TCP resets.
|
|
allow kernel_t netif_type:netif { tcp_send tcp_recv };
|
|
allow kernel_t node_type:node { tcp_send tcp_recv };
|
|
type radius_port_t, port_type;
|
|
type radacct_port_t, port_type;
|
|
type rndc_port_t, port_type, reserved_port_type;
|
|
type tftp_port_t, port_type, reserved_port_type;
|
|
type printer_port_t, port_type, reserved_port_type;
|
|
type mysqld_port_t, port_type;
|
|
type postgresql_port_t, port_type;
|
|
type ptal_port_t, port_type, reserved_port_type;
|
|
type howl_port_t, port_type;
|
|
type dict_port_t, port_type;
|
|
type syslogd_port_t, port_type, reserved_port_type;
|
|
type spamd_port_t, port_type, reserved_port_type;
|
|
type ssh_port_t, port_type, reserved_port_type;
|
|
type pxe_port_t, port_type;
|
|
type amanda_port_t, port_type;
|
|
type fingerd_port_t, port_type, reserved_port_type;
|
|
type dhcpc_port_t, port_type, reserved_port_type;
|
|
type ntp_port_t, port_type, reserved_port_type;
|
|
type stunnel_port_t, port_type;
|
|
type zebra_port_t, port_type;
|
|
type i18n_input_port_t, port_type;
|
|
type vnc_port_t, port_type;
|
|
type openvpn_port_t, port_type;
|
|
type clamd_port_t, port_type, reserved_port_type;
|
|
type transproxy_port_t, port_type;
|
|
type clockspeed_port_t, port_type;
|
|
type pyzor_port_t, port_type, reserved_port_type;
|
|
type postgrey_port_t, port_type;
|
|
type asterisk_port_t, port_type;
|
|
type utcpserver_port_t, port_type;
|
|
type nessus_port_t, port_type;
|
|
type razor_port_t, port_type;
|
|
type distccd_port_t, port_type;
|
|
type socks_port_t, port_type;
|
|
type gatekeeper_port_t, port_type;
|
|
type dcc_port_t, port_type;
|
|
type lrrd_port_t, port_type;
|
|
type jabber_client_port_t, port_type;
|
|
type jabber_interserver_port_t, port_type;
|
|
type ircd_port_t, port_type;
|
|
type giftd_port_t, port_type;
|
|
type soundd_port_t, port_type;
|
|
type imaze_port_t, port_type;
|
|
type monopd_port_t, port_type;
|
|
# Differentiate between the port where amavisd receives mail, and the
|
|
# port where it returns cleaned mail back to the MTA.
|
|
type amavisd_recv_port_t, port_type;
|
|
type amavisd_send_port_t, port_type;
|
|
type innd_port_t, port_type, reserved_port_type;
|
|
type snmp_port_t, port_type, reserved_port_type;
|
|
type biff_port_t, port_type, reserved_port_type;
|
|
type hplip_port_t, port_type;
|
|
|
|
#inetd_child_ports
|
|
|
|
type rlogind_port_t, port_type, reserved_port_type;
|
|
type telnetd_port_t, port_type, reserved_port_type;
|
|
type comsat_port_t, port_type, reserved_port_type;
|
|
type cvs_port_t, port_type;
|
|
type dbskkd_port_t, port_type, reserved_port_type;
|
|
type inetd_child_port_t, port_type, reserved_port_type;
|
|
type ktalkd_port_t, port_type, reserved_port_type;
|
|
type rsync_port_t, port_type, reserved_port_type;
|
|
type uucpd_port_t, port_type, reserved_port_type;
|
|
type swat_port_t, port_type, reserved_port_type;
|
|
type zope_port_t, port_type;
|
|
type auth_port_t, port_type, reserved_port_type;
|
|
|
|
# afs ports
|
|
|
|
type afs_fs_port_t, port_type;
|
|
type afs_pt_port_t, port_type;
|
|
type afs_vl_port_t, port_type;
|
|
type afs_ka_port_t, port_type;
|
|
type afs_bos_port_t, port_type;
|
|
|