Comment 6 for bug 796588

John Johansen (jjohansen) wrote : Re: Limit inet and inet6 access by source or destination port

like what progress and where to find it?
It's being developed as part of the upstream apparmor project. The socket labeling portion has landed in ubuntu saucy. This does not allow for control based on ports or addresses but is the basis for that work.

So what is done is a base socket labeling on which other functionality can be based. The next step would be basic address/port binding (server setting up an address), and then send address mediation. This may happen for ipv4 (not ipv6) within the next month as part of a dev preview to get feedback on the mediation approach. It is unlikely this will make it into saucy.

Can we expect to have it in future?
yes

Does it make sense to use dev package that converges with future versions of ubuntu?
yes. The apparmor project has a ppa that developments appear in once they reach a beta state.
  https://launchpad.net/~apparmor-dev/+archive/apparmor-devel

Just anything. If I can find it somewhere else, a link would help me a lot.
the places to watch are the apparmor mailing list (it's mostly a devel list but also takes general questions)
  <email address hidden>

and of course you can always watch the ppa. I wouldn't recommend using the ppa on a production system, at least not upgrading every time it's updated. There are times it's stable and other times it's not.