iptables-restore not working with SELinux
I'm trying to use iptables-restore to load an iptables firewall configuration. I have SELinux enabled in enforcing mode. Every time I try to do this, I get a denial from SELinux, and an entry like this in the SELinux troubleshooter:
Code:
Source Context unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c102

Regards
David
If you modified the iptables initscript then please change it back to defaults and use the default file location. If you need to change /etc/sysconfig/iptables for testing purposes you can use Sudo ('man sudoers') and say a script:
Code:
#!/bin/sh --

If you do not care for any of that then you can run the AVC message through 'audit2allow' and add the result to your local SELinux policy. I hope that from what I explained that you understand why that is not a best practice and not a workaround anyone should be willing to support or use.
I haven't changed anything, especially not the iptables initscript. What I'm trying to do is load a firewall configuration from a file, which happens to reside in my home directory. Reading the man page, iptables-restore should allow me to do that - it always has in the past. It shouldn't matter where the file resides.
What is the correct "selinux-approved" way of running iptables-restore?
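To see what a denial like the one in this thread is objecting to, the AVC record can be split into source domain, target type, object class and permission. The following is an added example, not code from any poster in the thread; the log line is constructed around the source context quoted in the first post, and its target context (user_home_t), path, pid and timestamp are assumptions.

```python
import re

# Constructed sample: only the source context comes from the first post.
# Target context, path, pid and timestamp are assumed for illustration.
SAMPLE_AVC = (
    'type=AVC msg=audit(1300000000.123:456): avc:  denied  { read } for  '
    'pid=1234 comm="iptables-restor" path="/home/user/firewall.rules" '
    'dev=dm-0 ino=131 '
    'scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c102 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Types that label per-user home content in the Fedora/RHEL targeted policy.
HOME_TYPES = {"user_home_t", "user_home_dir_t", "admin_home_t"}


def parse_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % ctx)
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3] if len(parts) > 3 else ""}


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    return {"perms": m.group("perms").split(), "comm": kv.get("comm"),
            "path": kv.get("path"), "tclass": kv.get("tclass"),
            "source": parse_context(kv["scontext"]),
            "target": parse_context(kv["tcontext"])}


def confined_read_of_home_file(avc):
    """True when iptables_t was denied access to a file labelled as home content."""
    return (avc["source"]["type"] == "iptables_t"
            and avc["target"]["type"] in HOME_TYPES
            and avc["tclass"] == "file")
```

The decision is made on the target's type label rather than on its path, so the `tcontext` field is the one to read first when a confined tool refuses a file that an unconfined shell can open.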