
Bug 467952

Summary: net-firewall/iptables - add gradm target support
Product: Gentoo Linux
Reporter: Vadim A. Misbakh-Soloviov (mva) <mva>
Component: Hardened
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Vadim A. Misbakh-Soloviov (mva) gentoo-dev 2013-04-30 07:21:25 UTC
Not that I'm using RBAC, but I just noticed that we have no implementation of the "gradm" iptables target, which can be added with this patch [1], which can be downloaded from [2].

I just tested the patch on iptables-1.4.18 source tree and it works like a charm.
So, maybe we have to add a "hardened" (or maybe "gradm"; let's discuss) USE flag on iptables, which will apply that patch?

[1] http://grsecurity.net/test/grsecurity-2.2.0-iptables.patch
[2] http://grsecurity.net/test.php
Comment 1 Anthony Basile gentoo-dev 2013-04-30 12:45:02 UTC
(In reply to comment #0)
> Not that I'm using RBAC, but I just noticed that we have no implementation of
> the "gradm" iptables target, which can be added with this patch [1], which can
> be downloaded from [2].
> 
> I just tested the patch on iptables-1.4.18 source tree and it works like a
> charm.
> So, maybe we have to add a "hardened" (or maybe "gradm"; let's discuss)
> USE flag on iptables, which will apply that patch?
> 
> [1] http://grsecurity.net/test/grsecurity-2.2.0-iptables.patch
> [2] http://grsecurity.net/test.php

The patch is already upstream in xtables-addons.  You can get it by doing USE=gradm emerge xtables-addons.

If you have problems with that, open a bug against xtables-addons.  We don't want to bother the iptables people with this.