allow iptables to relabelto all packets

refpolicy/policy/modules/kernel/corenetwork.if.m4

@@ -466,7 +466,7 @@ define(`create_packet_interfaces',``
 #
 interface(`corenet_send_$1_packets',`
 	gen_require(`
-		type $1_t;
+		type $1_packet_t;
 	')
 
 	allow dollarsone $1_packet_t:packet send;
@@ -485,7 +485,7 @@ interface(`corenet_send_$1_packets',`
 #
 interface(`corenet_receive_$1_packets',`
 	gen_require(`
-		type $1_t;
+		type $1_packet_t;
 	')
 
 	allow dollarsone $1_packet_t:packet recv;
@@ -519,7 +519,7 @@ interface(`corenet_sendrecv_$1_packets',`
 #
 interface(`corenet_relabelto_$1_packets',`
 	gen_require(`
-		type $1_t;
+		type $1_packet_t;
 	')
 
 	allow dollarsone $1_packet_t:packet relabelto;

refpolicy/policy/modules/system/iptables.te

@@ -43,6 +43,8 @@ kernel_read_kernel_sysctls(iptables_t)
 kernel_read_modprobe_sysctls(iptables_t)
 kernel_use_fds(iptables_t)
 
+corenet_relabelto_all_packets(iptables_t)
+
 dev_read_sysfs(iptables_t)
 
 fs_getattr_xattr_fs(iptables_t)

refpolicy/policy/modules/system/sysnetwork.te

@@ -153,7 +153,6 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_ttys(dhcpc_t)
 	term_dontaudit_use_generic_ptys(dhcpc_t)
-
 	files_dontaudit_read_root_files(dhcpc_t)
 ')