firewalld.lockdown-whitelist man page on RedHat

Man page or keyword search:  
man Server   29550 pages
apropos Keyword Search (all sections)
Output format
RedHat logo
[printable version]

FIREWALLD.LOCKDOWN(5)	 firewalld.lockdown-whitelist	 FIREWALLD.LOCKDOWN(5)

NAME
       firewalld.lockdown-whitelist - firewalld lockdown whitelist
       configuration file

SYNOPSIS
       /usr/etc/firewalld/lockdown-whitelists.xml

DESCRIPTION
       The firewalld lockdown-whitelist configuration file contains the
       selinux contexts, commands, users and user ids that are white-listed
       when firewalld lockdown feature is enabled (see firewalld.conf(5) and
       firewall-cmd(1)).

       This example configuration file shows the structure of an
       lockdown-whitelist file:

	   <?xml version="1.0" encoding="utf-8"?>
	   <whitelist>
	     <selinux context="selinuxcontext"/>
	     <command name="commandline[*]"/>
	     <user {name="username|id="userid"}/>
	   </whitelist>

OPTIONS
       The config can contain these tags and attributes. Some of them are
       mandatory, others optional.

   whitelist
       The mandatory whitelist start and end tag defines the
       lockdown-whitelist. This tag can only be used once in a
       lockdown-whitelist configuration file. There are no attributes for
       this.

   selinux
       Is an optional empty-element tag and can be used several times to have
       more than one selinux contexts entries. A selinux entry has exactly one
       attribute:

       context="string"
	   The context is the security (SELinux) context of a running
	   application or service.

	   To get the context of a running application use ps -e --context and
	   search for the application that should be white-listed.

	   Warning: If the context of an application is unconfined, then this
	   will open access for more than the desired application.

   command
       Is an optional empty-element tag and can be used several times to have
       more than one command entry. A command entry has exactly one attribute:

       name="string"
	   The command string is a complete command line including path and
	   also attributes.

	   If a command entry ends with an asterisk '*', then all command
	   lines starting with the command will match. If the '*' is not there
	   the absolute command inclusive arguments must match.

	   Commands for user root and others is not always the same, the used
	   path depends on the use of the PATH environment variable.

   user
       Is an optional empty-element tag and can be used several times to
       white-list more than one user. A user entry has exactly one attribute
       of these:

       name="string"
	   The user with the name string will be white-listed.

       id="integer"
	   The user with the id userid will be white-listed.

SEE ALSO
       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
       firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1),
       firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES
       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS
       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.8						 FIREWALLD.LOCKDOWN(5)
[top]

List of man pages available for RedHat

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net