Feature requests (two)
Posted: Sun Dec 29, 2002 2:58 am
I am interested in two features that grsecurity does not seem to have currently. I am very happy with this tool overall.
1) For learning mode, it seems that the acl that is created is a copy of the default acl verbatim, followed with a few changes here and there. I feel it would be useful to see comments in the generated ACL to indicate where something was added beyond the default.
2) I would like to see the ability to have ACLs according to ip address. For example, lets assume my local network is 10.0.0.x. I would like to do something like:
This example would hide gradm from anyone on a network other than 10.0.0.x and 127.0.0.1.
Thoughts?
[/code]
1) For learning mode, it seems that the acl that is created is a copy of the default acl verbatim, followed with a few changes here and there. I feel it would be useful to see comments in the generated ACL to indicate where something was added beyond the default.
2) I would like to see the ability to have ACLs according to ip address. For example, lets assume my local network is 10.0.0.x. I would like to do something like:
- Code: Select all
/ {
/ r
...
IP{0.0.0.0/32} /sbin/gradm h
IP{10.0.0.0/24} /sbin/gradm rx
IP{127.0.0.1/32} /sbin/gradm rx
}
This example would hide gradm from anyone on a network other than 10.0.0.x and 127.0.0.1.
Thoughts?
[/code]