path: root/extensions/libipt_owner.man
Diffstat (limited to 'extensions/libipt_owner.man')
-rw-r--r-- extensions/libipt_owner.man 26
1 files changed, 26 insertions, 0 deletions
diff --git a/extensions/libipt_owner.man b/extensions/libipt_owner.man
new file mode 100644
index 00000000..1394aca6
--- /dev/null
+++ b/extensions/libipt_owner.man
@@ -0,0 +1,26 @@
+This module attempts to match various characteristics of the packet
+creator, for locally-generated packets. It is only valid in the
+.B OUTPUT
+chain, and even this some packets (such as ICMP ping responses) may
+have no owner, and hence never match.
+.TP
+.BI "--uid-owner " "userid"
+Matches if the packet was created by a process with the given
+effective user id.
+.TP
+.BI "--gid-owner " "groupid"
+Matches if the packet was created by a process with the given
+effective group id.
+.TP
+.BI "--pid-owner " "processid"
+Matches if the packet was created by a process with the given
+process id.
+.TP
+.BI "--sid-owner " "sessionid"
+Matches if the packet was created by a process in the given session
+group.
+.TP
+.BI "--cmd-owner " "name"
+Matches if the packet was created by a process with the given command name.
+(this option is present only if iptables was compiled under a kernel
+supporting this feature)
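Review bot: The opening paragraph's "chain, and even this some packets (such as ICMP ping responses) may have no owner" does not parse; "and even then some packets" looks like the intended wording. Since this caveat means a rule using this match can silently skip locally generated traffic, it is worth getting the sentence clean. In the --cmd-owner entry, the text should say what "command name" is compared against, so a rule author knows whether to write a path or a bare name, and the parenthetical should start with a capital and end with a full stop like the other entries. In the --sid-owner entry the argument is "sessionid" but the description says "session group"; use one term in both places.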