attribute netif_type;

attribute node_type;

attribute port_type;

attribute reserved_port_type;

#

# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*

#

type tun_tap_device_t;

devices_make_device_node(tun_tap_device_t)

########################################

#

# Ports

#

#

# port_t is the default type of INET port numbers.

#

type port_t, port_type;

#

# reserved_port_t is the type of INET port numbers below 1024.

#

type reserved_port_t, port_type, reserved_port_type;

network_port(amanda, udp,10080, tcp,10080, udp,10081, tcp,10081, tcp,10082, tcp,10083)

dnl network_port(biff) # no defined portcon in current strict

network_port(dbskkd, tcp,1178)

network_port(dhcpc, udp,68)

network_port(dhcpd, udp,67)

network_port(dict, tcp,2628)

network_port(dns, udp,53, tcp,53)

network_port(fingerd, tcp,79)

network_port(ftp_data, tcp,20)

network_port(ftp, tcp,21)

network_port(http_cache, tcp,3128, udp,3130, tcp,8080)

network_port(http, tcp,80, tcp,443)

network_port(inetd_child, tcp,7, udp,7, tcp,9, udp,9, tcp,13, udp,13, tcp,19, udp,19, tcp,37, udp,37, tcp,113, tcp,512, tcp,543, tcp,544, tcp,891, udp,891, tcp,892, udp,892, tcp,2105)

network_port(innd, tcp,119)

network_port(ipp, tcp,631, udp,631)

network_port(kerberos_admin, tcp,464, udp,464, tcp,749)

network_port(kerberos_master, tcp,4444, udp,4444)

network_port(kerberos, tcp,88, udp,88, tcp,750, udp,750)

network_port(ldap, tcp,389, udp,389, tcp,636, udp,636)

network_port(mail, tcp,2000)

network_port(nmbd, udp,137, udp,138, udp,139)

network_port(pop, tcp,106, tcp,109, tcp,110)

network_port(portmap, udp,111, tcp,111)

network_port(printer, tcp,515)

network_port(pxe, udp,4011)

network_port(radacct, udp,1646, udp,1813)

network_port(radius, udp,1645, udp,1812)

network_port(rsh, tcp,514)

network_port(smbd, tcp,137-139, tcp,445)

network_port(smtp, tcp,25, tcp,465, tcp,587)

network_port(snmp, udp,161, udp,162, tcp,199)

network_port(ssh, tcp,22)

dnl network_port(stunnel) # no defined portcon in current strict

network_port(swat, tcp,901)

network_port(syslogd, udp,514)

network_port(telnetd, tcp,23)

network_port(tftp, udp,69)

network_port(vnc, tcp,5900)

network_port(xserver, tcp,6001, tcp,6002, tcp,6003, tcp,6004, tcp,6005, tcp,6006, tcp,6007, tcp,6008, tcp,6009, tcp,6010, tcp,6011, tcp,6012, tcp,6013, tcp,6014, tcp,6015, tcp,6016, tcp,6017, tcp,6018, tcp,6019)

network_port(zebra, tcp,2601)

# Defaults for reserved ports.  Earlier portcon entries take precedence;

# these entries just cover any remaining reserved ports not otherwise

# declared or omitted due to removal of a domain.

portcon tcp 1-1023 system_u:object_r:reserved_port_t

portcon udp 1-1023 system_u:object_r:reserved_port_t

########################################

#

# Network nodes

#

#

# node_t is the default type of network nodes.

# The node_*_t types are used for specific network

# nodes in net_contexts or net_contexts.mls.

#

type node_t, node_type;

network_node(compat_ipv4, ::, ffff:ffff:ffff:ffff:ffff:ffff::)

network_node(inaddr_any, 0.0.0.0, 255.255.255.255)

dnl network_node(internal, , ) # no nodecon for this in current strict policy

network_node(link_local, fe80::, ffff:ffff:ffff:ffff::, )

network_node(lo, 127.0.0.1, 255.255.255.255)

network_node(mapped_ipv4, ::ffff:0000:0000, ffff:ffff:ffff:ffff:ffff:ffff::)

network_node(multicast, ff00::, ff00::)

network_node(site_local, fec0::, ffc0::)

network_node(unspec, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)

########################################

#

# Network Interfaces:

#

#

# netif_t is the default type of network interfaces.

#

type netif_t, netif_type;

network_interface(lo)

network_interface(eth0)

network_interface(eth1)

network_interface(eth2)

network_interface(ippp0)

network_interface(ipsec0)

network_interface(ipsec1)

network_interface(ipsec2)