| mac_portacl.4 (138563) | mac_portacl.4 (138586) |
|---|---|
| 1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris Costello 5.\" at Safeport Network Services and Network Associates Labs, the 6.\" Security Research Division of Network Associates, Inc. under 7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8.\" DARPA CHATS research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" | 1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris Costello 5.\" at Safeport Network Services and Network Associates Labs, the 6.\" Security Research Division of Network Associates, Inc. under 7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8.\" DARPA CHATS research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" |
| 31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 138563 2004-12-08 15:58:38Z trhodes $ | 31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 138586 2004-12-08 18:11:38Z trhodes $ |
| 32.\" | 32.\" |
| 33.Dd February 13, 2004 | 33.Dd December 8, 2004 |
| 34.Dt MAC_PORTACL 4 35.Os 36.Sh NAME 37.Nm mac_portacl 38.Nd "network port access control policy" 39.Sh SYNOPSIS 40To compile the port access control policy into your kernel, 41place the following lines in your kernel --- 160 unchanged lines hidden (view full) --- 202.Nm 203protected ports, even if the port access control list does not 204explicitly allow this. 205(Default: 1). 206.It Va security.mac.portacl.autoport_exempt 207Allow applications to use automatic binding to port 0. 208Often applications will use port 0 as a request for 209automatic port allocation before binding an IP address to | 34.Dt MAC_PORTACL 4 35.Os 36.Sh NAME 37.Nm mac_portacl 38.Nd "network port access control policy" 39.Sh SYNOPSIS 40To compile the port access control policy into your kernel, 41place the following lines in your kernel --- 160 unchanged lines hidden (view full) --- 202.Nm 203protected ports, even if the port access control list does not 204explicitly allow this. 205(Default: 1). 206.It Va security.mac.portacl.autoport_exempt 207Allow applications to use automatic binding to port 0. 208Often applications will use port 0 as a request for 209automatic port allocation before binding an IP address to |
| 210a socket. This tunable will exempt port 0 allocation from 211rule checking when a low port is required and | 210a socket. 211This tunable will exempt port 0 allocation from 212rule checking when a low port will not be used. 213For this to perform as expected, |
| 212.Dv IP_PORTRANGELOW | 214.Dv IP_PORTRANGELOW |
| 213is set to a value above 1. | 215is must not be set as it is used to request a 216low port. |
| 214.El 215.Sh SEE ALSO 216.Xr mac 3 , 217.Xr ip 4 , 218.Xr mac_biba 4 , 219.Xr mac_bsdextended 4 , 220.Xr mac_ifoff 4 , 221.Xr mac_mls 4 , --- 19 unchanged lines hidden --- | 217.El 218.Sh SEE ALSO 219.Xr mac 3 , 220.Xr ip 4 , 221.Xr mac_biba 4 , 222.Xr mac_bsdextended 4 , 223.Xr mac_ifoff 4 , 224.Xr mac_mls 4 , --- 19 unchanged lines hidden --- |