LinuxQuestions.org
Old 10-27-2005, 11:40 AM   #1
NetArch
LQ Newbie
 
Registered: Dec 2004
Distribution: Mint 17.0 Cinnamon, Arch on ARM
Posts: 14

Rep: Reputation: 1
SELinux policy and Cisco vpn client


I have yet to actually sit down and dig into selinux policy, so my question is this:

Is Cisco's VPN client for Linux totally incompatible with SELinux, or is it just that no one's taken the trouble to write a policy for it? It seems totally incongruent that you have to disable a security feature of the OS in order to use a particular vendor's security application.
 
Old 10-28-2005, 04:21 AM   #2
Thoreau
Senior Member
 
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
The client is no longer kernel dependent. I've not used it with the SELinux addon, but here are the settings to allow.

# Firewall configuration written by Cisco Systems
# Designed for the Linux VPN Client 4.6.03.0190 Virtual Adapter
# Blocks ALL traffic on eth0 except for tunneled traffic
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT

# Accept all encrypted VPN Client traffic in either direction on eth0
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT

-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT

-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT

# Block all other traffic in either direction on eth0
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
COMMIT
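To see what that ruleset actually lets through on eth0 before loading it with iptables-restore, here is a small first-match simulator (an added example written for this thread, not part of Cisco's config or the post above; RULESET is the post's rules with the comments stripped, and it runs without root or a Linux box). It makes visible that the IKE and NAT-T rules require the matching port on both ends, and that interfaces other than eth0 and cipsec0 fall through to the chain's ACCEPT policy.

```python
import shlex
# Ruleset copied from the post above (comments dropped); parser and simulator are added as an example.
RULESET = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [rule dicts]}) from iptables-restore text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # chain header with default policy
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A"):                   # append rule; every option here takes one value
            toks = shlex.split(line)
            rule = {opt.lstrip("-"): val for opt, val in zip(toks[2::2], toks[3::2])}
            chains[toks[1]].append(rule)
    return policies, chains

def port_matches(spec, port):
    """iptables port spec: 'N', 'N:M', 'N:' (open-ended high) or ':M'."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        return port == int(lo)
    return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)

def verdict(chain, iface, proto, sport, dport):
    """First-match walk of INPUT or OUTPUT; unmatched packets get the chain policy."""
    policies, chains = parse(RULESET)
    ifkey = "i" if chain == "INPUT" else "o"          # -i for INPUT, -o for OUTPUT
    for r in chains[chain]:
        if r.get(ifkey, iface) != iface or r.get("p", proto) != proto:
            continue                                  # interface or protocol does not match
        if any(k in r and not port_matches(r[k], v) for k, v in (("sport", sport), ("dport", dport))):
            continue                                  # a port constraint does not match
        return r["j"]                                 # ACCEPT or REJECT: first match wins
    return policies[chain]
```

For example, verdict("INPUT", "eth0", "udp", 500, 4500) returns REJECT because neither the 500/500 nor the 4500/4500 rule matches a packet with mismatched ports, while verdict("INPUT", "lo", "tcp", 1, 1) returns ACCEPT from the chain policy since no rule mentions lo.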