On May 12, 2008, at 3:29 PM, SJS wrote:
> I've never seen iptables tied to applications or users.
> But then, it's been a LONG time since I've played with iptables.

In the manpage for iptables, under "MATCH EXTENSIONS", search for owner:

   owner
       This module attempts to match various characteristics of the packet
       creator, for locally-generated packets. It is only valid in the OUTPUT
       chain, and even this some packets (such as ICMP ping responses) may
       have no owner, and hence never match.

       --uid-owner userid
              Matches if the packet was created by a process with the given
              effective user id.

       --gid-owner groupid
              Matches if the packet was created by a process with the given
              effective group id.

       --pid-owner processid
              Matches if the packet was created by a process with the given
              process id.

       --sid-owner sessionid
              Matches if the packet was created by a process in the given
              session group.

       --cmd-owner name
              Matches if the packet was created by a process with the given
              command name. (this option is present only if iptables was
              compiled under a kernel supporting this feature)

       NOTE: pid, sid and command matching are broken on SMP

Gregory
--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
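
An added example, not part of the original message or of the iptables manpage: a shell function that prints OUTPUT-chain rules limiting one local user's outbound TCP to a list of destination ports. It uses only --uid-owner, since the excerpt above notes that pid, sid and command matching are broken on SMP. The function name and the log prefix are made up for illustration.

```shell
#!/bin/sh
# owner_egress_rules USER PORT...
# Prints (does not run) iptables commands that let USER open outbound TCP
# connections only to the given destination ports; everything else that
# USER's processes send is logged and rejected.
# The owner match is only valid in the OUTPUT chain, so every rule goes there.
owner_egress_rules() {
    user=$1
    [ "$#" -ge 2 ] || { echo "usage: owner_egress_rules USER PORT..." >&2; return 1; }
    shift

    # The match is on the effective user id, so resolve the name once.
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 1; }

    # Validate every port before printing anything, so a bad argument
    # never yields a half-written policy.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
            { echo "bad port: $port" >&2; return 1; }
    done

    for port in "$@"; do
        echo "iptables -A OUTPUT -p tcp --dport $port -m owner --uid-owner $uid -j ACCEPT"
    done
    # Local IPC over loopback stays allowed for this user.
    echo "iptables -A OUTPUT -o lo -m owner --uid-owner $uid -j ACCEPT"
    # Log, then reject, anything else this uid originates.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j LOG --log-prefix \"owner-deny $uid \""
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
}

# Review the output first, then feed it to a root shell, for example:
#   owner_egress_rules www-data 80 443 | sudo sh
```

The rules are appended, so an earlier ACCEPT in the OUTPUT chain still wins; check the existing chain with `iptables -S OUTPUT` before applying.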