# This file contains the rules for the Netlabel subsystem, for more information
# please see the netlabelctl(1) man page.
#
# Each line contains just the arguments to the netlabel command
####
# NOTE: By default the kernel sends unlabeled traffic and allows unlabled
# traffic into the system, to disable that add the following two lines to
# the beginning of your configuration. However, be warned that you
# should only change these settings if you know what you are doing as you
# could accidently disable networking with a bad configuration.
#
# Remove the default domain mapping
#map del default
# Do not accept incoming unlabeled packets
#unlbl accept off
####
# Unlabeled examples:
#
# Enable unlabeled packets
#unlbl accept on
# Disable unlabeled packets
#unlbl accept off
####
# CIPSOv4 examples:
#
# Create a CIPSOv4 DOI definition using a pass-through mapping with a DOI
# value of 6 and the restricted bitmap tag (CIPSOv4 tag type #1)
#cipsov4 add pass doi:6 tags:1
# Create a CIPSOv4 DOI definition using a standard mapping with a DOI value
# of 8 and the restricted bitmap tag (CIPSOv4 tag type #1). The example
# below maps MLS sensitivity levels and categories 0 through 2 to the same
# values for both CIPSO and the Linux LSM
#cipsov4 add std doi:8 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
####
# LSM mapping examples:
#
# Create a default mapping for all LSM domains using the unlabeled protocol
#map add default protocol:unlbl
# Create a default mapping for all LSM domains using the CIPSOv4 protocol
# with DOI number 6
#map add default protocol:cipsov4,6
# Create a mapping for the "secret_t" LSM domain and the CIPSOv4 protocol
# with DOI number 8
#map add domain:secret_t protocol:cipsov4,8