time->Tue Jan 25 16:04:34 2011 type=AVC msg=audit(1295989474.550:354): avc: denied { recv } for src=68 daddr=255.255.255.255 dest=67 netif=eth0 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:external_packet_t:s0 tclass=packet
Created attachment 475276 [details] iptables rules
Created attachment 475282 [details] selinux policy
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Is this still an issue with the 3.9 kernels in F19?
I think that's the wrong syntax for a rule. You apply the specified mask (in your rule, it's 32) to the incoming source address, and then check to see if it matches your supplied address (in your rule 255.255.255.255). If they match you jump to the designated target (INTERNAL). That said, no valid IP address will ever match 255.255.255.255 when you apply an all 1's mask to it. I think your intention was to match all incoming source addresses, isn't it? If that's the case, what you want is a rule that says:

-A <CHAIN> -s 0.0.0.0/0 -j INTERNAL

That will match on all source addresses. Or was your intention something else?
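The mask-and-compare test described in the comment above, as an added example that is not part of the original bug thread. The packets are constructed (the broadcast destination is the daddr from the AVC record on this page; the source addresses are assumptions), and the `-d` case goes beyond the comment to show the same test applied to the destination field.

```python
import ipaddress


def masked_match(spec, packet_addr):
    """Address test: (packet_addr & mask) == (rule_addr & mask)."""
    # strict=False masks the rule's own address as well, so 192.168.1.77/24
    # is treated as 192.168.1.0/24.
    net = ipaddress.ip_network(spec, strict=False)
    mask = int(net.netmask)
    return (int(ipaddress.ip_address(packet_addr)) & mask) == int(net.network_address)


def rule_hits(flag, spec, packet):
    """Evaluate one '-s' (source) or '-d' (destination) match on a packet."""
    field = {"-s": "src", "-d": "dst"}[flag]
    return masked_match(spec, packet[field])


# Constructed sample packets, not taken from the reporter's attachments.
PACKETS = {
    "dhcp_broadcast": {"src": "0.0.0.0", "dst": "255.255.255.255"},
    "lan_unicast": {"src": "192.168.1.10", "dst": "192.168.1.1"},
}

# Address matches to compare (constructed for illustration).
RULES = [
    ("-s", "255.255.255.255/32"),  # /32 mask: source must equal this address
    ("-s", "0.0.0.0/0"),           # /0 mask: every source address
    ("-d", "255.255.255.255/32"),  # same test on the destination field
    ("-s", "192.168.1.0/24"),      # a single subnet
]


def evaluate():
    """Return {(flag, spec): [names of packets the match accepts]}."""
    return {
        (flag, spec): [name for name, pkt in PACKETS.items()
                       if rule_hits(flag, spec, pkt)]
        for flag, spec in RULES
    }


if __name__ == "__main__":
    for (flag, spec), hits in evaluate().items():
        print(f"{flag} {spec:<20} matches: {hits or 'nothing'}")
```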
Dan?
Sounds good. I have not dealt with this stuff for a while, so you can close this bug.