This is an example of how you could protect the Microsoft "microsoft-ds" service (port 445), together with the selang rule definitions that could be implemented for it. The purpose is to protect your local machine from remote sharing access.
Component: SEOSNT
To protect the ds services on "my_local_system.com" and deny "remote_system.com" access to those services, the following set of commands needs to be invoked from the command line using selang:
For additional information, please see our "CA Access Control Administration Guide for UNIX", "Chapter 10: Protecting TCP/IP Services", which includes the following:
"
Using the TCP Class
...
Note: defaccess(read) disables outgoing services. defaccess(write) disables incoming services.
If the HOST class is active (that is, if it is used as a criterion for access), then the TCP class cannot effectively be active. You can use the command setoptions class- HOST to deactivate the HOST class; then use the command setoptions class+ TCP (if necessary) to activate the TCP class. Deactivating the HOST class automatically deactivates GHOST, HOSTNET, and HOSTNP as well.
"