Network Labeling Statements

ipaddr

Declares a named IP address in IPv4 or IPv6 format that may be referenced by other CIL statements (e.g. netifcon).

Notes:

CIL statements utilising an IP address may reference a named IP address or use an anonymous address; the examples show each option.

IP addresses may be declared without a previous declaration by enclosing them within parentheses, e.g. (127.0.0.1) or (::1).

Statement definition:

Where:

ipaddr: The ipaddr keyword.
ipaddr_id: The IP address identifier.
ip_address: A correctly formatted IP address in IPv4 or IPv6 format.

Example:

This example declares a named IP address and also passes an 'explicit anonymously declared' IP address to a macro:

netifcon

Label network interface objects (e.g. eth0).

Statement definition:

Where:

netifcon: The netifcon keyword.
netif_name: The network interface name (e.g. wlan0).
netif_context_id: The security context to be allocated to the network interface. A previously declared context identifier or an anonymous security context (user role type levelrange); the range MUST be defined whether the policy is MLS/MCS enabled or not.
packet_context_id: The security context to be allocated to packets. Note that these are defined but currently unused, as the iptables(8) SECMARK services should be used to label packets. A previously declared context identifier or an anonymous security context (user role type levelrange); the range MUST be defined whether the policy is MLS/MCS enabled or not.

Examples:

These examples show named and anonymous netifcon statements:

nodecon

Label network address objects that represent IPv4 or IPv6 IP addresses and network masks.

IP addresses may be declared without a previous declaration by enclosing them within parentheses, e.g. (127.0.0.1) or (::1).

Statement definition:

Where:

nodecon: The nodecon keyword.
subnet_id: A previously declared ipaddr identifier, or an anonymous IPv4 or IPv6 formatted address.
netmask_id: A previously declared ipaddr identifier, or an anonymous IPv4 or IPv6 formatted address.
context_id: A previously declared context identifier or an anonymous security context (user role type levelrange); the range MUST be defined whether the policy is MLS/MCS enabled or not.

Examples:

These examples show named and anonymous nodecon statements:

portcon

Label a udp or tcp port.

Statement definition:

Where:

portcon: The portcon keyword.
protocol: The protocol keyword tcp or udp.
port | (port_low port_high): A single port to apply the context to, or a range of ports. The entries must consist of numerics [0-9].
context_id: A previously declared context identifier or an anonymous security context (user role type levelrange); the range MUST be defined whether the policy is MLS/MCS enabled or not.

Examples:

These examples show named and anonymous portcon statements:
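The four statements described on this page, used together in named and anonymous forms. This is an added example, not taken from the original page or the CIL project. Every identifier in it (system_u, object_r, the *_t types, s0, c0, the address and context names) is hypothetical and assumed to be declared elsewhere in the policy.

```cil
; Added example: every identifier here is hypothetical. It assumes the rest of
; the policy already declares user system_u, role object_r, the types used
; below, sensitivity s0 and category c0.

; Named IP addresses (IPv4 and IPv6).
(ipaddr lan_subnet 192.168.1.0)
(ipaddr lan_mask 255.255.255.0)
(ipaddr loopback6 ::1)

; A named level range and named contexts built on it.
(levelrange low_low ((s0) (s0)))
(context netif_ctx (system_u object_r netif_t low_low))
(context packet_ctx (system_u object_r packet_t low_low))
(context node_ctx (system_u object_r node_t low_low))

; netifcon: interface context first, then the (currently unused) packet context.
(netifcon eth0 netif_ctx packet_ctx)
; Anonymous contexts still carry an explicit range.
(netifcon wlan0
    (system_u object_r wifi_netif_t ((s0) (s0)))
    (system_u object_r packet_t low_low))

; nodecon: subnet, then netmask, then context.
(nodecon lan_subnet lan_mask node_ctx)
(nodecon (127.0.0.1) (255.255.255.255) node_ctx)
(nodecon loopback6 (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
    (system_u object_r lo_node_t ((s0) (s0 (c0)))))

; An anonymous address and a named one passed to a macro.
(macro label_node ((ipaddr SUBNET) (ipaddr MASK))
    (nodecon SUBNET MASK node_ctx))
(call label_node ((10.0.0.0) lan_mask))

; portcon: a single port, then a (port_low port_high) range.
(portcon tcp 8443 (system_u object_r https_alt_port_t low_low))
(portcon udp (5000 5010) (system_u object_r media_port_t ((s0) (s0 (c0)))))
```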