[tomoyo-users-en 121] Re: ip range question

Tetsuo Handa from-****@I-lov*****
Sat Jan 2 14:21:45 JST 2010


Hello.

SD wrote:
> In the future I will need to set the IP range that an application would have to reach.
> And this range is all IPs. From the manual I found out how to set a small range (192.168.1.1 - 192.168.254.254). But how do I properly set the IP range for ALL IPs?
> Because I want to enable some applications to send packets to any IP they want.

You can do

  0.0.0.0-255.255.255.255

for allowing all IPv4 addresses and

  0:0:0:0:0:0:0:0-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

for allowing all IPv6 addresses. For example,

  allow_network UDP connect 0.0.0.0-255.255.255.255 0-65535
  allow_network UDP connect 0:0:0:0:0:0:0:0-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 0-65535

will allow sending UDP packets to and receiving UDP packets from all IP
addresses and all ports.

If you want complicated combinations, you can use address_group. You can add

  address_group local-address 10.0.0.0-10.255.255.255
  address_group local-address 172.16.0.0-172.31.255.255
  address_group local-address 192.168.0.0-192.168.255.255

and refer to it like this:

  allow_network UDP connect @local-address 0-65535

Also, if you are going to use TOMOYO 1.7.x, you can assign a profile which
does not check a specific network operation. For example, if you define

  3-CONFIG={ mode=enforcing }
  3-CONFIG::network::inet_udp_connect={ mode=disabled }

permissions for sending UDP packets and receiving UDP packets won't be checked.

Regards.
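
Added example, not part of the original message and not a TOMOYO tool: a small Python checker that reads the two directive forms quoted above (`address_group` and `allow_network`), answers whether a given destination would be permitted, and lists rules whose range covers the whole IPv4 or IPv6 space so they can be reviewed before a profile is enforced. The function names and the sample policy are constructed for illustration, and accepting a bare single address or port is an assumption.

```python
import ipaddress

# Constructed sample policy assembled from the directives quoted in the message.
SAMPLE_POLICY = """\
address_group local-address 10.0.0.0-10.255.255.255
address_group local-address 172.16.0.0-172.31.255.255
address_group local-address 192.168.0.0-192.168.255.255
allow_network UDP connect @local-address 0-65535
allow_network UDP connect 0.0.0.0-255.255.255.255 0-65535
allow_network UDP connect 0:0:0:0:0:0:0:0-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 0-65535
"""

def parse_range(text, conv):
    # "lo-hi" -> (lo, hi); a bare single value is treated as lo == hi (assumption).
    lo, _, hi = text.partition("-")
    return conv(lo), conv(hi or lo)

def parse_policy(text):
    groups, rules = {}, []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 3 and f[0] == "address_group":
            groups.setdefault(f[1], []).append(parse_range(f[2], ipaddress.ip_address))
        elif len(f) == 5 and f[0] == "allow_network":
            rules.append({"proto": f[1], "op": f[2], "addr": f[3],
                          "ports": parse_range(f[4], int), "line": line.strip()})
    return groups, rules

def rule_ranges(rule, groups):
    # "@name" refers to every range registered under that address_group.
    if rule["addr"].startswith("@"):
        return groups.get(rule["addr"][1:], [])
    return [parse_range(rule["addr"], ipaddress.ip_address)]

def is_allowed(groups, rules, proto, op, addr, port):
    ip = ipaddress.ip_address(addr)
    for r in rules:
        if (r["proto"], r["op"]) == (proto, op) and r["ports"][0] <= port <= r["ports"][1]:
            if any(lo.version == ip.version and lo <= ip <= hi
                   for lo, hi in rule_ranges(r, groups)):
                return True
    return False

def wide_open_rules(groups, rules):
    # Rules whose address range spans the whole IPv4 or IPv6 space.
    def full(lo, hi):
        return int(lo) == 0 and int(hi) == 2 ** lo.max_prefixlen - 1
    return [r["line"] for r in rules
            if any(full(lo, hi) for lo, hi in rule_ranges(r, groups))]
```

With the sample policy, `wide_open_rules(*parse_policy(SAMPLE_POLICY))` returns the two all-address lines, while the `@local-address` rule alone permits only the three private ranges.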



