path: root/extensions/
diff options
author/C=EU/ST=EU/CN=Patrick McHardy/ </C=EU/ST=EU/CN=Patrick McHardy/>2008-01-20 13:21:38 +0000
committer/C=EU/ST=EU/CN=Patrick McHardy/ </C=EU/ST=EU/CN=Patrick McHardy/>2008-01-20 13:21:38 +0000
commit1a921f6a9f11ec2f43e5417d9c4a37b8877fd524 (patch)
treeaaf730a96d73a6dfa0a84db89a84799b86decc30 /extensions/
parent245a69add9e3195b2b4a596a3104e49a17b47017 (diff)
[PATCH]: libxt_owner
libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <>
Diffstat (limited to 'extensions/')
1 files changed, 16 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 0000000..add2369
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,16 @@
+This module attempts to match various characteristics of the packet creator,
+for locally generated packets. This match is only valid in the OUTPUT and
+POSTROUTING chains. Forwarded packets do not have any socket associated with
+them. Packets from kernel threads do have a socket, but usually no owner.
+\fB--uid-owner\fR \fIuserid\fR
+Matches if the packet socket's file structure (if it has one) is owned by the
+given user ID. A user name may be specified in place of \fIuserid\fR, in which
+case iptables will try to look it up.
+\fB--gid-owner\fR \fIgroupid\fR
+Matches if the packet socket's file structure is owned by the given group ID.
+A group name may be specified in place of \fIgroupid\fR.
+Matches if the packet is associated with a socket.