4.3. IPTables/Firewalls

IPTables includes a SECMARK target module. This is used to set the security mark value associated with the packet for use by security subsystems such as SELinux. It is only valid in the mangle table. Refer to the following for example usage:

iptables -t mangle -A INPUT -p tcp --dport 80 -j SECMARK --selctx \ system_u:object_r:httpd_packet_t:s0