On 09/09/2013 05:54 AM Lars Noodén wrote:
On 9/9/13 3:14 PM, atar wrote:
> Thanks for replying!

Unfortunately, when invoking the 'iptables' command with the arguments
you've suggested, the program says:

iptables v1.4.14: unknown option "--cmd-owner"
Try `iptables -h' or 'iptables --help' for more information.

Regards!

atar.


My mistake.  It seems that the tutorial is way out of date.

$ iptables -m owner --help
...
owner match options:
[!] --uid-owner userid[-userid]         Match local UID
[!] --gid-owner groupid[-groupid]       Match local GID
[!] --socket-exists                     Match if socket exists

So it looks like cmd-owner is no longer used.  Apparmor or SELinux
mentioned by Claudius are the next things to try, though they are more
complex.

Hmmm.  I get this:

# iptables -V
iptables v1.3.5
# iptables -m owner --help
...
OWNER match v1.3.5 options:
[!] --uid-owner userid     Match local uid
[!] --gid-owner groupid    Match local gid
[!] --pid-owner processid  Match local pid
[!] --sid-owner sessionid  Match local sid
[!] --cmd-owner name       Match local command name
NOTE: pid, sid and command matching are broken on SMP



