Is fwknop compatible with SELinux?
Programs such as tcpdump and iptables need the same kinds of specialized system access and run under SELinux, so fwknop should as well. However, there isn’t yet a list of the changes an SELinux policy needs in order for fwknop to work properly. Depending on its configuration, fwknopd may need to execute GnuPG, and it may also need to put an interface into promiscuous mode (this can be turned off with the ENABLE_PCAP_PROMISC variable in the /etc/fwknop/fwknop.conf file, which removes that requirement). On Linux, fwknopd always needs to execute iptables commands to alter the local iptables policy when a valid SPA packet is seen, so any policy must at least allow that. If you have fwknop working under SELinux and you don’t mind sharing, please send the steps necessary to get this to work to mbr.at.cipherdyne.org, and I will post them here (with attribution, of course).
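Since no policy exists yet, the practical way to find out what one would have to permit is to let fwknopd handle a valid SPA packet with SELinux in permissive mode, collect the AVC denials it generates, and summarise them before turning them into a local module. The script below is an added example written for this FAQ, not code from the fwknop project. The sample denial lines and the domain name fwknopd_t are constructed for illustration (fwknopd has no confined domain in the stock policy); the live path assumes auditd with ausearch and audit2allow from policycoreutils are installed and must be run as root.

```shell
#!/bin/sh
# Added example (not part of fwknop): discover what an SELinux policy would
# have to allow for fwknopd by collecting and summarising AVC denials.
#
# Assumptions (not from the FAQ): auditd logs AVC records, ausearch and
# audit2allow are installed, and the daemon's domain is shown as
# "fwknopd_t" purely for illustration.

# Constructed sample AVC records in audit.log syntax. They stand in for what
# ausearch -m avc would print for the three needs the FAQ lists: executing
# gpg, executing iptables, and opening the interface in promiscuous mode
# (which needs CAP_NET_RAW). The iptables line is repeated on purpose to
# show that the summary de-duplicates.
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:101): avc:  denied  { execute } for  pid=2101 comm="fwknopd" name="gpg" dev="sda1" ino=1234 scontext=system_u:system_r:fwknopd_t:s0 tcontext=system_u:object_r:gpg_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.456:102): avc:  denied  { execute } for  pid=2102 comm="fwknopd" name="iptables" dev="sda1" ino=5678 scontext=system_u:system_r:fwknopd_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000001.789:103): avc:  denied  { net_raw } for  pid=2101 comm="fwknopd" capability=13  scontext=system_u:system_r:fwknopd_t:s0 tcontext=system_u:system_r:fwknopd_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1700000001.790:104): avc:  denied  { execute } for  pid=2103 comm="fwknopd" name="iptables" dev="sda1" ino=5678 scontext=system_u:system_r:fwknopd_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file permissive=1'

# Read AVC records on stdin and print one unique line per denial as
# "<source type> <target type> <class> <permission>", sorted. This is the
# list to review by hand before granting anything.
summarize_avc() {
    awk '
        /avc: *denied/ {
            perm = ""; sctx = ""; tctx = ""; tcls = ""
            # the permission set sits between "{ " and " }"
            if (match($0, /\{ [^}]* \}/))
                perm = substr($0, RSTART + 2, RLENGTH - 4)
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "scontext") sctx = kv[2]
                else if (kv[1] == "tcontext") tctx = kv[2]
                else if (kv[1] == "tclass") tcls = kv[2]
            }
            # contexts are user:role:type:level; keep only the type
            split(sctx, s, ":"); split(tctx, t, ":")
            print s[3], t[3], tcls, perm
        }' | sort -u
}

# Live collection, root only. Switch to permissive mode first so every
# denial is logged instead of the first one aborting the action, send a
# valid SPA packet from a client, then pull the records for fwknopd.
collect_avc() {
    setenforce 0
    echo "SELinux now permissive; send a valid SPA packet, then press Enter" >&2
    read _dummy
    ausearch -m avc -c fwknopd --raw 2>/dev/null
    setenforce 1
}

# Build a loadable local module from the collected records. Inspect the
# generated fwknopd_local.te and trim it before 'semodule -i fwknopd_local.pp'.
build_module() {
    audit2allow -M fwknopd_local
}

if [ "${1:-}" = "--live" ]; then
    log=$(mktemp)
    collect_avc > "$log"
    summarize_avc < "$log"
    build_module < "$log"
    rm -f "$log"
else
    # Offline demonstration on the constructed records.
    printf '%s\n' "$SAMPLE_AVC" | summarize_avc
fi
```

Run it with `--live` on the SELinux host to do the real collection; without arguments it only summarises the constructed records, which is enough to see the shape of the output. Keep the summary, not just the generated module: audit2allow will happily allow everything it saw, and the review step is where you decide that, for instance, disabling ENABLE_PCAP_PROMISC is preferable to granting net_raw.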