does this require compat_net=1?

So RHEL5 and soon-to-be F8 are shipping with compat_net=0, which I believe means things like semanage port -a -t php_port_t -p tcp 9680 won't work.

I think for RHEL5 you will also have to set /selinux/compat_net = 1 in some sort of startup script.

In F8 you should be able to either set compat_net or use the 'new' way to do the port labeling:

Re: does this require compat_net=1?

No, they should continue to work. Changes to compat_net will not affect the socket interfaces of name_connect/name_bind. They are lower level.

You do not need to do any port labeling to make this work.

Limit destination hosts

Hello, is it possible to limit what hosts a domain, i.e. httpd_t, can connect to on a specified port?


The above allow rule with name_connect doesn't seem to work, but it does work after replacing name_connect with name_bind and restarting the httpd service.


