Hi,

This is an excerpt from the iptables manpage under owner MATCH:

"It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no owner, and hence never match."

How do I match these packets that do not have an owner?

I have a drop all policy where I only allow established and related packets and output packets of certain owners. With this configuration, I often see ICMP and sometimes TCP resets as having been dropped.

Thanks,

--
Atsushi Nakagawa <atnak@xxxxxxxxx>
Changes are made when there is inconvenience.