Hi, I'm currently using the ipt_owner module to enforce stronger outgoing packet filtering on certain daemons. I create a custom chain with the stronger rules and use '-m owner' to jump packets into the chain. This works fine for UDP and TCP, but my outgoing ICMP packets never match the rule. I understand why incoming ICMP should fail to match, but why are outgoing packets missing the filter? Chain OUTPUT (policy ACCEPT) target prot opt source destination acctboth all -- anywhere anywhere ACCEPT all -- anywhere anywhere apache-output all -- anywhere anywhere OWNER UID match iptest Chain apache-output (1 references) target prot opt source destination DROP icmp -- anywhere anywhere (nothing in the acctboth chain causes a jump) Any ideas? -- Jay L.T. Cornwall, http://www.esuna.co.uk/~jay/ PhD Student Imperial College London
