 Global Policy Options |
 Resource Lists |
 Writable Resource Lists |
Allow modifications to these files |
List of files that can be modified |
Value="/selinux/access" |
Value="/selinux/context" |
Value="/selinux/relabel" |
Value="/selinux/user" |
 Read-only Resource Lists |
Block modifications to these files |
List of files that should not be modified |
Value="net/*/*/*" |
Value="/selinux/enforce" |
Value="/selinux/disable" |
Value="/etc/selinux/*" |
Value="/etc/sysconfig/selinux" |
 Network Controls |
 Inbound |
Globally set the default inbound rules to deny. |
 Kernel Driver Options [kernel_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Syscall Options |
Allow mounting and unmounting of file systems (mount,umount) |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Localhost |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
sunrpc (111) |
msft-dc (445) |
dhcpclient (4999) |
Inbound udp port list |
List of Inbound udp ports |
sunrpc (111) |
high (1024-65535) |
router (520) |
snmp (161) |
bootpc (68) |
xdmcp (177) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="wellknown (0-1023)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Localhost |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
sunrpc (111) |
nfs |
Outbound udp port list |
List of outbound udp ports |
sunrpc (111) |
bootpc (68) |
nfs |
Outbound network rules |
List of rules to control outbound network connections |
LocalPort="wellknown (0-1023)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="wellknown (0-1023)", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 Host Security Programs [hsecurity_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
sav tcp-fixed (2967) |
sav tcp-fixed (2968) |
sep server default port (8443) |
sep database default port (2638) |
sep admin port (9090) |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="Any (0-65535)", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="Any (0-65535)", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
sav tcp-fixed (2967) |
sav tcp-fixed (2968) |
sep server default port (8443) |
sep database default port (2638) |
Any (0-65535) |
Outbound udp port list |
List of outbound udp ports |
high (1024-65535) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 NFS Server Access Options [remote_file_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Daemon Options |
 General Daemon Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Alternate Privilege Lists |
Specify Daemons with Safe privileges |
List of Daemons with Safe privilege |
Program="udevd" |
Program="/sbin/udev" |
Program="/sbin/udevd" |
Program="/sbin/udevadm" |
Program="start_udevd" |
Program="/usr/lib/systemd/systemd-udevd" |
Program="/usr/sbin/firewalld" |
Program="/usr/sbin/tuned" |
Program="/usr/libexec/gvfsd-fuse" |
Program="lvmetad" |
Program="/usr/sbin/lvmetad" |
Program="/sbin/upstart-udev-bridge" |
Program="/sbin/upstart-socket-bridge" |
Program="/etc/init.d/grub-common" |
 Process Logging Options |
Log process assignment messages |
Log process assignment command line arguments |
 Application Daemon Options |
 Apache Web Server and PHP [apache_ps] |
 Basic Options |
 Apache |
Specify installation directory |
Path for the installation directory |
/usr/local/apache |
/usr/local/apache2 |
/opt/sfw/apache |
/usr/apache |
Apache log path |
List of the paths that apache logs to. |
/var/apache/logs |
/usr/local/apache/logs |
/usr/local/apache2/logs |
/var/log/httpd |
/var/log/apache2 |
/etc/apache2/sysconfig.d |
 PHP |
Specify installation directory |
Path for the installation directory |
/usr/ |
 Advanced Options |
 Apache and PHP Application Data Protection |
 Apache and PHP Application File Data |
Block all access to the following Apache and PHP files |
Application data that should not be accessed |
/var/lib/php/session/* |
/etc/httpd/conf.d/php.conf |
/etc/php.d/* |
/etc/php.ini |
Block modifications to the following Apache and PHP files |
Application data that is read-only |
/usr/local/apr/* |
%php_instdir_path%/lib/httpd/modules/libphp* |
%php_instdir_path%/lib64/httpd/modules/libphp* |
%php_instdir_path%/lib/phpmodules/* |
%php_instdir_path%/lib64/phpmodules/* |
%php_instdir_path%/share/doc/php* |
%php_instdir_path%/share/doc/php*/* |
%php_instdir_path%/share/man/man*/php* |
%php_instdir_path%/bin/php* |
%-php_cgibin_path% |
 Apache and PHP Application Process Data |
Block all access to the following Apache and PHP processes |
Application data that should not be accessed |
Program="%-php_cgibin_path%" |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
http (80) |
https (443) |
sunrpc (111) |
Inbound udp port list |
List of Inbound udp ports |
http (80) |
https (443) |
sunrpc (111) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
http (80) |
https (443) |
sunrpc (111) |
Outbound udp port list |
List of outbound udp ports |
http (80) |
https (443) |
sunrpc (111) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 MySQL Server and Command Line Utilities [mysql_ps] |
 Basic Options |
Specify installation directory |
Path for the installation directory |
/usr/ |
/usr/local/ |
/usr/local/mysql |
MySQL log path |
List of the paths that MySQL logs to. |
/var/lib/mysql |
/usr/local/mysql/data |
 Advanced Options |
 MySQL Application Data Protection |
 MySQL Application File Data |
Block all access to the following MySQL files |
Application data that should not be accessed |
/var/lib/mysql/* |
/var/run/mysqld/* |
%mysql_instdir_path%/data/* |
%mysql_log_path% |
%mysql_log_path%/* |
/etc/my.cnf |
Block modifications to the following MySQL files |
Application data that is read-only |
/usr/sbin/mysqld* |
%mysql_instdir_path%/bin/mysql* |
%mysql_instdir_path%/scripts/mysql* |
/usr/lib/mysql/* |
/usr/lib64/mysql/* |
%mysql_instdir_path%/lib/libmysql* |
%mysql_instdir_path%/include/mysql/* |
%mysql_instdir_path%/include/mysql* |
/usr/share/mysql/* |
/usr/share/sql-bench/* |
%mysql_instdir_path%/sql-bench/* |
/usr/share/man/man1/mysql* |
/usr/share/man/man8/mysql* |
%mysql_instdir_path%/man/man1/mysql* |
%mysql_instdir_path%/man/man8/mysql* |
/etc/init.d/mysqld |
/etc/logrotate.d/mysql |
 MySQL Application Process Data |
Block all access to the following MySQL processes |
Application data that should not be accessed |
Program="/usr/bin/mysql*" |
Program="/usr/sbin/mysqld*" |
Program="%mysql_instdir_path%/bin/mysql*" |
Program="%mysql_instdir_path%/scripts/mysql*" |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
mysql (3306) |
Inbound udp port list |
List of Inbound udp ports |
mysql (3306) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
mysql (3306) |
Outbound udp port list |
List of outbound udp ports |
mysql (3306) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Mail [mail_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
smtp (25) |
ldap (389) |
slp (427) |
imap (143) |
imaps (993) |
pop3 (110) |
pop3s (995) |
Inbound udp port list |
List of Inbound udp ports |
ldap (389) |
slp (427) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
smtp (25) |
ldap (389) |
slp (427) |
domain (53) |
Outbound udp port list |
List of outbound udp ports |
ldap (389) |
slp (427) |
domain (53) |
biff (512 UDP), ident |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Sendmail [sendmail_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
smtp (25) |
auth (113), ident |
sunrpc (111) |
Inbound udp port list |
List of Inbound udp ports |
auth (113), ident |
sunrpc (111) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
smtp (25) |
auth (113), ident |
sunrpc (111) |
domain (53) |
Outbound udp port list |
List of outbound udp ports |
auth (113), ident |
sunrpc (111) |
domain (53) |
biff (512 UDP), ident |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Symantec Storage Foundation HA [sfha_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
2148 |
Inbound udp port list |
List of Inbound udp ports |
2148 |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
8199 |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 Syscall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
Allow loading and unloading of kernel modules (modctl) |
 Core OS Daemon Options |
 Symantec Data Center Security Server Agent daemon [sdcssagent_ps] |
 Advanced Options |
 SDCSS Agent Application Data Protection |
 SDCSS Agent Application File Data |
Block all access to the following SDCSS Agent files |
Application data that should not be accessed |
%loginstallroot%/*.csv |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
SDCSS Server IP |
Inbound tcp port list |
List of Inbound tcp ports |
sdcssagent |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemotePort="domain (53)", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="TCP", Action="Allow", Log="Do not log" |
RemotePort="nfs", Protocol="UDP", Action="Allow", Log="Log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log as trivial |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
SDCSS Server IP |
Outbound tcp port list |
List of outbound tcp ports |
sdcssserver |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemotePort="domain (53)", Protocol="Both TCP and UDP", Action="Allow", Log="Do not log" |
RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="0.0.0.1/32", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="0.0.0.1/32", Protocol="UDP", Action="Allow", Log="Do not log" |
RemotePort="nfs", Protocol="UDP", Action="Allow", Log="Log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log as trivial |
 Bind daemon [bind_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
domain (53) |
rndc (953) |
Inbound udp port list |
List of Inbound udp ports |
domain (53) |
rndc (953) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
domain (53) |
ldap (389) |
ldaps (636) |
Outbound udp port list |
List of outbound udp ports |
domain (53) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 crond daemon [crond_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
ldap (389) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
ldap (389) |
Outbound udp port list |
List of outbound udp ports |
sunrpc (111) |
ldap (389) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="0.0.0.1/32", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="0.0.0.1/32", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 FTP daemon [ftpd_ps] |
 Basic Options |
Enable passive FTP |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
ftp (21) |
high (1024-65535) |
Inbound udp port list |
List of Inbound udp ports |
high (1024-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
high (1024-65535) |
domain (53) |
Outbound udp port list |
List of outbound udp ports |
high (1024-65535) |
domain (53) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 inet daemon [inetd_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
telnet (23) |
ftp (21) |
unix-rlogin (513) |
unix-rexec (512) |
unix-rsh (514) |
lp (515) |
Inbound udp port list |
List of Inbound udp ports |
tftp (69) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="32767-65535", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="32767-65535", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
domain (53) |
auth (113), ident |
sunrpc (111) |
Outbound udp port list |
List of outbound udp ports |
domain (53) |
sunrpc (111) |
Outbound network rules |
List of rules to control outbound network connections |
LocalPort="32767-65535", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="32767-65535", RemoteIP="Local IPs (IPv4 and IPv6)", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 CUPS printer daemon [print_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
ipp (631) |
jetdirect (9100) |
lp (515) |
slp (427) |
Inbound udp port list |
List of Inbound udp ports |
ipp (631) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
jetdirect (9100) |
lp (515) |
slp (427) |
ipp (631) |
domain (53) |
Outbound udp port list |
List of outbound udp ports |
ipp (631) |
domain (53) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 LPD printer daemon [lpd_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
jetdirect (9100) |
lp (515) |
slp (427) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
jetdirect (9100) |
lp (515) |
slp (427) |
ipp (631) |
domain (53) |
Outbound udp port list |
List of outbound udp ports |
ipp (631) |
domain (53) |
snmp (161) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Remote login services [rservices_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
wellknown (0-1023) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
auth (113), ident |
wellknown (0-1023) |
Outbound udp port list |
List of outbound udp ports |
domain (53) |
wellknown (0-1023) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 RPC port mapper [rpcd_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
0.0.0.1 |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
sunrpc (111) |
Inbound udp port list |
List of Inbound udp ports |
high (1024-65535) |
sunrpc (111) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
0.0.0.1 |
Global outbound hosts component |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 syslog daemon [syslogd_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound udp port list |
List of Inbound udp ports |
unix-syslog (514) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound udp port list |
List of outbound udp ports |
unix-syslog (514) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 TFTP daemon [tftpd_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound udp port list |
List of Inbound udp ports |
high (1024-65535) |
tftp (69) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound udp port list |
List of outbound udp ports |
tftp (69) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Full Daemon Options [daemon_fullpriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
Any (0-65535) |
Outbound udp port list |
List of outbound udp ports |
Any (0-65535) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
Allow loading and unloading of kernel modules (modctl) |
 Safe Daemon Options [daemon_safepriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
Any (0-65535) |
Outbound udp port list |
List of outbound udp ports |
Any (0-65535) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
Allow loading and unloading of kernel modules (modctl) |
 Custom Daemon Options [daemon_custompriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Global inbound hosts component |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Global outbound hosts component |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Default Daemon Options [daemon_stdpriv_ps, ...] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Localhost |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
sunrpc (111) |
ssh (22) |
netbios-session (139) |
ldap (389) |
ldaps (636) |
slp (427) |
msft-dc (445) |
4999 |
6000-6020 |
Inbound udp port list |
List of Inbound udp ports |
netbios-ns (137) |
netbios-datagram (138) |
sunrpc (111) |
high (1024-65535) |
router (520) |
ldap (389) |
slp (427) |
snmp (161) |
bootpc (68) |
177 |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="wellknown (0-1023)", Protocol="TCP", Action="Allow", Log="Do not log", Program="/usr/sbin/rpc.mountd" |
LocalPort="wellknown (0-1023)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Localhost |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
domain (53) |
ldap (389) |
ldaps (636) |
slp (427) |
sunrpc (111) |
ssh (22) |
Outbound udp port list |
List of outbound udp ports |
domain (53) |
ldap (389) |
slp (427) |
snmptrap |
netbios-ns (137) |
netbios-datagram (138) |
sunrpc (111) |
bootpc (68) |
Outbound network rules |
List of rules to control outbound network connections |
LocalPort="wellknown (0-1023)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="wellknown (0-1023)", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow loading and unloading of kernel modules (modctl) |
 Interactive Program Options |
 General Interactive Program Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Alternate Privilege Lists |
Specify Interactive Programs with Safe privileges |
List of Interactive Programs with Safe privilege |
Program="/usr/lib/YaST2/bin/y2base" |
Program="/sbin/yast" |
Program="/sbin/yast2" |
Specify Interactive Programs with Standard privileges |
List of Interactive Programs with Standard privilege |
Program="/usr/bin/crontab" |
 Specific Interactive Program Options |
 Display Programs [display_ps] |
 Advanced Options |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
6000-6010 |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
Allow loading and unloading of kernel modules (modctl) |
 Root Program Options [rootpriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 System Admin Options |
Allow root to run the useradd program. |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
high (1024-65535) |
Inbound network rules |
List of rules to control connections into this system |
RemotePort="Any (0-65535)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="wellknown (0-1023)", Protocol="TCP", Action="Disabled", Log="Do not log", Program="/usr/bin/rsh" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
domain (53) |
sunrpc (111) |
Outbound udp port list |
List of outbound udp ports |
domain (53) |
sunrpc (111) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 Process Logging Options |
Log process assignment messages |
Log process assignment command line arguments |
List of programs that should be routed to the no pset logging rootpriv pset. |
List of programs to route to the rootpriv pset with no pset logging. |
Program="/usr/sbin/makewhatis", User="root" |
 Full Interactive Program Options [int_fullpriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
high (1024-65535) |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
Any (0-65535) |
Outbound udp port list |
List of outbound udp ports |
high (1024-65535) |
Any (0-65535) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
Allow loading and unloading of kernel modules (modctl) |
 Safe Interactive Program Options [int_safepriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
high (1024-65535) |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
Any (0-65535) |
Outbound udp port list |
List of outbound udp ports |
high (1024-65535) |
Any (0-65535) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |
 Custom Interactive Program Options [int_custompriv_ps] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
Restrict network access |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
List of inbound addresses. |
Local IPs (IPv4 and IPv6) |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
epmap (135) |
Inbound udp port list |
List of Inbound udp ports |
epmap (135) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Deny |
Default inbound rule log setting |
Log |
 Outbound |
 Components |
Outbound hosts list |
List of outbound addresses. |
Local IPs (IPv4 and IPv6) |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
epmap (135) |
ldap (389) |
http (80) |
Outbound udp port list |
List of outbound udp ports |
epmap (135) |
Outbound network rules |
List of rules to control outbound network connections |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Deny |
Default outbound rule log setting |
Log |
 Default Interactive Program Options [int_stdpriv_ps, ...] |
 Protection Categories |
 Application Data Protection |
Obey All Other Application Data Restrictions |
 Network Controls |
 Inbound |
 Components |
Inbound hosts list |
std_int inbound address list |
Local IPs (IPv4 and IPv6) |
Any |
Global inbound hosts component |
Inbound tcp port list |
List of Inbound tcp ports |
Any (0-65535) |
Inbound udp port list |
List of Inbound udp ports |
Any (0-65535) |
Inbound network rules |
List of rules to control connections into this system |
LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="Any", Protocol="Both TCP and UDP", Action="Allow", Log="Do not log", Program="%-def_int_srvprog_list:prog%", Arguments="%-def_int_srvprog_list:cmdline%", User="%-def_int_srvprog_list:id%", Group="%-def_int_srvprog_list:groupid%" |
LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default inbound rule |
Default inbound rule action |
Allow |
Default inbound rule log setting |
Log when denying |
 Outbound |
 Components |
Outbound hosts list |
std_int outbound address list |
Local IPs (IPv4 and IPv6) |
Any |
Global outbound hosts component |
Outbound tcp port list |
List of outbound tcp ports |
ldap (389) |
http (80) |
https (443) |
epmap (135) |
Outbound udp port list |
List of outbound udp ports |
high (1024-65535) |
domain (53) |
Outbound network rules |
List of rules to control outbound network connections |
LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
RemoteIP="Any", Protocol="Both TCP and UDP", Action="Allow", Log="Do not log", Program="%-def_int_srvprog_list:prog%", Arguments="%-def_int_srvprog_list:cmdline%", User="%-def_int_srvprog_list:id%", Group="%-def_int_srvprog_list:groupid%" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log" |
RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log" |
LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log" |
Default outbound rule |
Default outbound rule action |
Allow |
Default outbound rule log setting |
Log when denying |
 SysCall Options |
Allow mounting and unmounting of file systems (mount,umount) |
Allow creation of hard links (link) |
Allow creation of special files (mknod) |