# This file contains the rules for the Netlabel subsystem, for more information # please see the netlabelctl(1) man page. # # Each line contains just the arguments to the netlabel command #### # NOTE: By default the kernel sends unlabeled traffic and allows unlabled # traffic into the system, to disable that add the following two lines to # the beginning of your configuration. However, be warned that you # should only change these settings if you know what you are doing as you # could accidently disable networking with a bad configuration. # # Remove the default domain mapping #map del default # Do not accept incoming unlabeled packets #unlbl accept off #### # Unlabeled examples: # # Enable unlabeled packets #unlbl accept on # Disable unlabeled packets #unlbl accept off #### # CIPSOv4 examples: # # Create a CIPSOv4 DOI definition using a pass-through mapping with a DOI # value of 6 and the restricted bitmap tag (CIPSOv4 tag type #1) #cipsov4 add pass doi:6 tags:1 # Create a CIPSOv4 DOI definition using a standard mapping with a DOI value # of 8 and the restricted bitmap tag (CIPSOv4 tag type #1). The example # below maps MLS sensitivity levels and categories 0 through 2 to the same # values for both CIPSO and the Linux LSM #cipsov4 add std doi:8 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2 #### # LSM mapping examples: # # Create a default mapping for all LSM domains using the unlabeled protocol #map add default protocol:unlbl # Create a default mapping for all LSM domains using the CIPSOv4 protocol # with DOI number 6 #map add default protocol:cipsov4,6 # Create a mapping for the "secret_t" LSM domain and the CIPSOv4 protocol # with DOI number 8 #map add domain:secret_t protocol:cipsov4,8