# Local policy module "mydhcp", version 1.0.0.
# It adds three accesses on top of the base policy:
#   1. dhcpc_t may run iptables with a transition into the iptables domain,
#   2. httpd_t may execute the hostname binary in its own domain,
#   3. insmod_t may read/write raw IP sockets labeled iptables_t.
# policy_module(), iptables_domtrans() and can_exec() are reference-policy
# m4 macros, so the file has to be expanded against the refpolicy
# interface/support files when it is built.
policy_module(mydhcp,1.0.0)

########################################
#
# Declarations
#

# Types and the object class/permissions referenced by the rules below.
# They are defined by other modules; this module only depends on them.
require {
	type dhcpc_t;
	type insmod_t;
	type iptables_t;
	type hostname_exec_t;
	type httpd_t;
	class rawip_socket { read write };
}

# Lets the DHCP client domain execute iptables and transition into the
# iptables domain, i.e. dhcpc_t can cause firewall changes with that
# domain's privileges.
# NOTE(review): presumably needed by a DHCP client hook script that adjusts
# firewall rules -- confirm, since dhcpc_t handles data received from the
# network and this widens what a compromised client can reach.
iptables_domtrans(dhcpc_t)

# Lets the web server domain execute files labeled hostname_exec_t WITHOUT a
# domain transition: the program runs as httpd_t and adds no privileges.
# NOTE(review): refpolicy style is to call the owning module's interface
# (hostname_exec) instead of naming hostname_exec_t directly; verify it grants
# equivalent access before switching.
can_exec(httpd_t, hostname_exec_t)

#============= insmod_t ==============
# Lets the module-loading domain read and write raw IP sockets whose label is
# iptables_t.
# NOTE(review): the section header above is the audit2allow output format, and
# the rule looks like a socket descriptor inherited by modprobe when iptables
# launches it -- confirm against the AVC denial. If insmod_t does not actually
# need the socket, a dontaudit rule would silence the denial without granting
# the access.
allow insmod_t iptables_t:rawip_socket { read write };