blob: 456a03111c181ec11311022b258edcb078fa2b49 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
.TP
[\fB!\fP] \fB\-\-cgroup\fP \fIfwid\fP
Match corresponding cgroup for this packet.
Can be used to assign particular firewall policies for aggregated
task/jobs on the system. This allows for more fine-grained firewall
policies that only match for a subset of the system's processes.
fwid is the maker set through the net_cls cgroup's id.
.PP
Example:
.PP
iptables \-A OUTPUT \-p tcp \-\-sport 80 \-m cgroup ! \-\-cgroup 1
\-j DROP
.PP
Available since Linux 3.14.
|
