Old 10-27-2005, 10:40 AM   #1
LQ Newbie
Registered: Dec 2004
Location: DC Metro area, US
Distribution: Mint 17.2 Cinnamon, Arch on ARM
Posts: 14

Rep: Reputation: 1
SELinux policy and Cisco vpn client

I have yet to actually sit down and dig into SELinux policy, so my question is this:

Is Cisco's VPN client for Linux totally incompatible with SELinux, or is it just that no one's taken the trouble to write a policy for it? It seems totally incongruent that you have to disable a security feature of the OS in order to use a particular vendor's security application.
Old 10-28-2005, 03:21 AM   #2
Senior Member
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
The client is no longer kernel-dependent. I've not used it with the SELinux add-on, but here are the settings to allow.

# Firewall configuration written by Cisco Systems
# Designed for the Linux VPN Client Virtual Adapter
# Blocks ALL traffic on eth0 except for tunneled traffic

# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT

# Accept all encrypted VPN Client traffic in either direction on eth0
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT

-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT

-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT

# Block all other traffic in either direction on eth0
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
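Because iptables evaluates a chain top to bottom and the first matching rule wins, a ruleset like the one above only works if the catch-all REJECT lines really do come after every ACCEPT. The following is an added example, not code from the thread or from Cisco: it parses the reply's iptables-save style fragment (embedded inline), lists which UDP destination ports the ACCEPT rules open on eth0 per chain, and checks that the interface's catch-all REJECT is the last rule for that chain, so no later rule is dead. The option-to-field map only covers the options used in the fragment; that restriction is an assumption of this script, not a property of iptables.

```python
"""Parse the iptables rule fragment posted above and check two properties:
which UDP ports the ACCEPT rules open on eth0, and that the catch-all REJECT
for eth0 is the last rule in each chain (first match wins in iptables)."""

# The rule fragment from the reply above; comment lines are skipped by the parser.
CISCO_VPN_RULES = """
# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT
# Accept all encrypted VPN Client traffic in either direction on eth0
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT
# Block all other traffic in either direction on eth0
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
"""

# Option flag -> field name. Assumption: only the options that appear in the
# fragment are supported; anything else raises so it is not silently ignored.
_FLAGS = {"-A": "chain", "-i": "in_if", "-o": "out_if", "-p": "proto",
          "-s": "src", "-d": "dst", "--sport": "sport", "--dport": "dport",
          "-j": "target"}


def parse_rules(text):
    """Turn each non-comment '-A ...' line into a dict of its options, in order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        rule = {}
        for flag, value in zip(tokens[0::2], tokens[1::2]):
            if flag not in _FLAGS:
                raise ValueError(f"unsupported option {flag!r} in: {line}")
            rule[_FLAGS[flag]] = value
        if len(tokens) % 2 or "chain" not in rule or "target" not in rule:
            raise ValueError(f"incomplete rule: {line}")
        rules.append(rule)
    return rules


def _iface_key(chain):
    # INPUT rules match on the inbound interface (-i), OUTPUT on outbound (-o).
    return "in_if" if chain == "INPUT" else "out_if"


def accepted_udp_ports(rules, chain, iface):
    """UDP destination ports that ACCEPT rules open on chain/iface, sorted."""
    key = _iface_key(chain)
    return sorted({int(r["dport"]) for r in rules
                   if r["chain"] == chain and r.get(key) == iface
                   and r.get("proto") == "udp" and r["target"] == "ACCEPT"
                   and "dport" in r})


def is_catch_all(rule):
    """No protocol or port match means the rule hits every packet on its interface."""
    return not any(k in rule for k in ("proto", "sport", "dport"))


def catch_all_is_last(rules, chain, iface):
    """True if a catch-all REJECT exists for chain/iface and nothing follows it;
    any rule placed after it could never match, and a catch-all placed too
    early would silently block the tunnel's own IKE/NAT-T traffic."""
    chain_rules = [r for r in rules
                   if r["chain"] == chain and r.get(_iface_key(chain)) == iface]
    for idx, r in enumerate(chain_rules):
        if r["target"] == "REJECT" and is_catch_all(r):
            return idx == len(chain_rules) - 1
    return False


def main():
    rules = parse_rules(CISCO_VPN_RULES)
    for chain in ("INPUT", "OUTPUT"):
        print(f"{chain:6} eth0 udp dports={accepted_udp_ports(rules, chain, 'eth0')}"
              f" catch-all last={catch_all_is_last(rules, chain, 'eth0')}")


if __name__ == "__main__":
    main()
```

Running it prints the open ports per chain (500 and 4500 inbound; 500, 4500 and 29747 outbound) and confirms the REJECT rules are correctly placed last. Feeding it a saved ruleset where the REJECT was moved above the ACCEPT lines makes the second check fail, which is the kind of ordering mistake that shows up as "the VPN stops negotiating after I added the firewall rules".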

