It is hard to change packet's secmark in specific IP scope
to avoid Smack denial. Nether provides access control for
input and output packet better than IP management.
Change-Id: I7a6da0d53c313a7987217d62fefb16ef2f0b8a0f
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [816152:74580343]
:POSTROUTING ACCEPT [824147:75308906]
-# ipv4 multicase address for "All CoAP Nodes"
--A INPUT -d 224.0.1.187 -j SECMARK --selctx System
+-A INPUT -j SECMARK --selctx System
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -j NFQUEUE --queue-num 0 --queue-bypass
COMMIT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [816152:74580343]
:POSTROUTING ACCEPT [824147:75308906]
-# ipv6 multicase address for "All CoAP Nodes": Link-Local scope
--A INPUT -d ff02::158 -j SECMARK --selctx System
-# TODO: RULE FOR IOTCON PROVISIONING SHOULD BE REMOVED
--A INPUT -d fe80::ae5a:14ff:fe0e:b2c0 -j SECMARK --selctx System
+-A INPUT -j SECMARK --selctx System
COMMIT