[grsec] Connect statement in policy.
Brad Spengler
spender at grsecurity.net
Wed Feb 23 13:59:21 EST 2005
On Wed, Feb 23, 2005 at 11:07:21AM -0700, John Anderson wrote:
> Is there any way currently to use hostnames instead of IP/SNM in the
> Connect: clause of a policy file? I've tried several different methods
> with no luck. Unfortunately the docs I have are pretty old. If there
> is no way currently, is this capability being planned for future releases?
It doesn't currently, but it is something I could add to my TODO list.
The only caveat my proposed implementation is that the hostnames would be
interpreted in userspace and expanded into whatever IPs they resolve to,
and then those IPs will be passed to the kernel. This means that if you
changed the IP a hostname resolved to, you would need to restart the
RBAC system. Would this be acceptable for what you wanted hostnames
for?
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050223/65b8a16a/attachment.pgp
More information about the grsecurity
mailing list