The secmark match is used to match the security mark value
associated with a packet. For this extension to be available, the appropriate
SELinux support needs to be installed and present in the Linux kernel.
Examples:
iptables -I INPUT -p icmp --icmp-type 3 -m secmark --selctx
system_u:object_r:dns_packet_t:s0 -j ACCEPT
iptables -I OUTPUT -m secmark --selctx system_u:object_r:ssh_packet_t:s0 -j DROP
Mr Dash Four (2):
iptables (userspace): add secmark match
iptables (kernel): add secmark match
Show replies by date