Bug 467952 - net-firewall/iptables - add gradm target support
Summary: net-firewall/iptables - add gradm target support
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2013-04-30 07:21 UTC by Vadim A. Misbakh-Soloviov (mva)
Modified: 2013-04-30 12:45 UTC

Description Vadim A. Misbakh-Soloviov (mva) gentoo-dev 2013-04-30 07:21:25 UTC
Not that I am using RBAC, but I just noticed that we have no implementation of the "gradm" iptables target, which can be added with this patch [1], which can be downloaded from [2].

I just tested the patch on iptables-1.4.18 source tree and it works like a charm.
So, maybe we have to add a "hardened" (or, maybe, "gradm"; let's discuss) USE flag on iptables, which will apply that patch?

[1] http://grsecurity.net/test/grsecurity-2.2.0-iptables.patch
[2] http://grsecurity.net/test.php
Comment 1 Anthony Basile gentoo-dev 2013-04-30 12:45:02 UTC
(In reply to comment #0)
> Not that I am using RBAC, but I just noticed that we have no implementation of
> the "gradm" iptables target, which can be added with this patch [1], which can be
> downloaded from [2].
> 
> I just tested the patch on iptables-1.4.18 source tree and it works like a
> charm.
> So, maybe we have to add a "hardened" (or, maybe, "gradm"; let's discuss)
> USE flag on iptables, which will apply that patch?
> 
> [1] http://grsecurity.net/test/grsecurity-2.2.0-iptables.patch
> [2] http://grsecurity.net/test.php

The patch is already upstream in xtables-addons.  You can get it by doing USE=gradm emerge xtables-addons.

If you have problems with that, open a bug against xtables-addons.  We don't want to the iptables people with this.