IP ACL reverse policy

Submit your RBAC policies or suggest policy improvements

IP ACL reverse policy

Postby gt » Wed Jul 16, 2003 11:26 am

I want to enforce the following role:

/usr/bin/mozilla is allowed to connect to every IP but those of my LAN (i.e. 192.168.1.0/24).

I understand that the default policy of the connect-statement is to deny every connection but the specified IPs.
At the moment (using grsec-2.0-rc1) there seems to be no way to achieve that. Do I miss something here?

If not I would like to request a feature:
Implementation of a reverse policy "accept", which grants every connection to all IPs but to the specified ones (analogous to iptables).

Thanks in advance for any ideas.
gt
 
Posts: 1
Joined: Wed Jul 16, 2003 11:09 am

Postby spender » Mon Jul 21, 2003 7:38 pm

i'll implement that for 2.0-rc3.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development

cron