I'm trying to learn some stuff regarding network security, and as part of that I bumped into ACLs. So, I wanted to check what was implemented in Linux.
If I understand correctly, with this one can provision read, write and execute permissions for a file using setfacl with various options. However, I have a question: can we apply an ACL on a TCP connection, after all everything in Linux is a file? I just had a look at the code and I think it is possible to do the same. (I took the code from
http://download.savannah.gnu.org/releases/acl/) Please correct me if such a thing is already implemented.
Also, I have one more trivial question. In the networking world, ACLs are in a way used as a matching criteria, based on various matching parameters (say IP address, port number, etc.) apart from user, group, and other (however, in the case of security only user will come into the picture; this is more of an informative question and not specific to security). Based on the matching criteria, one can apply QoS policy and other stuff. So, is there a way to perform this type of matching? In the code I saw, I don't think it is possible to do such a thing.
Please correct me if I missed out on something.
Thank you.
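As an added illustration (not part of the question above and not code from the acl package linked there), here is a small first-match network ACL evaluator in Python. It shows the kind of matching the second question asks about: each rule matches on protocol, source/destination prefix and a destination port range, the first matching rule decides, and an implicit deny applies when nothing matches. The rule set and flows are constructed sample values; the `Flow` and `Rule` types are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Constructed sample type (assumption for this example): the 5-tuple a
# packet-filter ACL matches on, as opposed to the inode a POSIX ACL is attached to.
@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    proto: str = "any"                        # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"                    # source prefix (CIDR)
    dst: str = "0.0.0.0/0"                    # destination prefix (CIDR)
    dport: Optional[Tuple[int, int]] = None   # inclusive destination port range; None = any
    desc: str = ""                            # free-text description, returned as the match reason

    def matches(self, flow: Flow) -> bool:
        """True only if every criterion of this rule matches the flow."""
        if self.proto != "any" and self.proto != flow.proto:
            return False
        if ipaddress.ip_address(flow.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(flow.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and not (self.dport[0] <= flow.dport <= self.dport[1]):
            return False
        return True


def evaluate(acl: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation: the first rule that matches decides.

    If no rule matches, the implicit deny at the end of the list applies,
    which is why rule order matters in this style of ACL.
    """
    for rule in acl:
        if rule.matches(flow):
            return rule.action, rule.desc
    return "deny", "implicit deny"


# Constructed sample rule set, ordered most-specific first.
SAMPLE_ACL = [
    Rule("permit", "tcp", "192.168.1.0/24", "10.0.0.0/24",  (22, 22),     "ssh from admin net"),
    Rule("deny",   "tcp", "0.0.0.0/0",      "10.0.0.0/24",  (22, 22),     "ssh from elsewhere"),
    Rule("permit", "tcp", "0.0.0.0/0",      "10.0.0.10/32", (443, 443),   "https to the server"),
    Rule("permit", "tcp", "0.0.0.0/0",      "10.0.0.10/32", (8000, 8080), "app port range"),
]


def classify(acl: List[Rule], flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Evaluate a batch of flows against an ACL and return (flow, action, reason) triples."""
    return [(f, *evaluate(acl, f)) for f in flows]


if __name__ == "__main__":
    # Constructed sample flows (RFC 5737 / RFC 1918 addresses).
    sample_flows = [
        Flow("tcp", "192.168.1.5", 40000, "10.0.0.10", 22),
        Flow("tcp", "203.0.113.7", 40000, "10.0.0.10", 22),
        Flow("tcp", "203.0.113.7", 40000, "10.0.0.10", 443),
        Flow("tcp", "203.0.113.7", 40000, "10.0.0.10", 8042),
        Flow("udp", "203.0.113.7", 5000,  "10.0.0.10", 53),
    ]
    for flow, action, reason in classify(SAMPLE_ACL, sample_flows):
        print(f"{flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}: {action} ({reason})")
```

On Linux this kind of address/port matching is done in the kernel's netfilter framework (nftables or iptables rules), with QoS marking layered on top of the same match; POSIX ACLs written with setfacl attach to filesystem objects and carry no address or port criteria, so the two mechanisms answer different questions even though both are called ACLs.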