summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_owner.man
blob: b635e7d9bf9590995ee7eeb06e1dad6696da0430 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
This module attempts to match various characteristics of the packet
creator, for locally-generated packets.  It is only valid in the
.B OUTPUT
chain, and even this some packets (such as ICMP ping responses) may
have no owner, and hence never match.
.TP
.BI "--uid-owner " "userid"
Matches if the packet was created by a process with the given
effective user id.
.TP
.BI "--gid-owner " "groupid"
Matches if the packet was created by a process with the given
effective group id.
.TP
.BI "--pid-owner " "processid"
Matches if the packet was created by a process with the given
process id.
.TP
.BI "--sid-owner " "sessionid"
Matches if the packet was created by a process in the given session
group.
.TP
.BI "--cmd-owner " "name"
Matches if the packet was created by a process with the given command name.
(this option is present only if iptables was compiled under a kernel
supporting this feature)
.TP
.B NOTE: pid, sid and command matching are broken on SMP