On Fri, 14 Jul 2006, Fabio S. Silva wrote:
Hi all, I want to know how to work with uid-owner. I've tried to use
this rule:
iptables -A OUTPUT -m owner --uid-owner fabio -j DROP
but all packets created by this user pass the firewall.
If I create the rule on the machine of user fabio it works, but I
need to create the rule on my firewall gateway. On the firewall I can
see user fabio with the command `id fabio`; it returns OK to me. I've
tried to use the user ID but it didn't work.
1.
The user ID/name of the "person" sending the data is not transferred onto
the network, so if the firewall is on a different machine it won't see
which user generated the traffic - only which source IP it uses.
2.
OUTPUT rules are only used for traffic sent directly from the machine to
somewhere else, not for traffic routed through the machine. So on your firewall
this means traffic generated by the firewall machine itself, not packets
received from some other box and then passed on - such packets use the FORWARD chain.
c'ya
sven
--
The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)
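The two points above, as an added example that is not part of the original thread: the owner match only works where the kernel knows the owning socket, i.e. on the sending host in OUTPUT (iptables accepts `-m owner` only in the OUTPUT and POSTROUTING chains), while the gateway sees the packets in FORWARD with nothing but a source address to go on. The script below is mine, not code from the list; it assumes user fabio has UID 1001, that the workstation's address is 192.168.1.10, and that the sample passwd text stands in for /etc/passwd. With DRY_RUN=1 (the default) it prints the iptables commands instead of running them, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example: where the uid-owner match can and cannot be applied.
# Assumed values (not from the thread): UID 1001 for fabio, workstation
# address 192.168.1.10. DRY_RUN=1 prints commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"

# Constructed sample passwd content standing in for /etc/passwd on the
# workstation; only the name and numeric UID columns matter here.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
fabio:x:1001:1001:Fabio:/home/fabio:/bin/sh'

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Resolve a username to its numeric UID from passwd-style text on stdin-free
# input ($2). The match accepts a name too, but the kernel compares numbers,
# so the number is what ends up in the rule.
uid_of() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $3; exit }'
}

# Mirrors the kernel module's own restriction: xt_owner hooks only
# LOCAL_OUT and POST_ROUTING, so iptables rejects -m owner elsewhere.
owner_match_allowed() {
    case "$1" in
        OUTPUT|POSTROUTING) return 0 ;;
        *) return 1 ;;
    esac
}

# On the workstation: the socket owner is known, so matching by UID in
# OUTPUT works. Fails loudly if someone tries to put it in another chain.
workstation_rules() {
    chain="$1"; uid="$2"
    owner_match_allowed "$chain" || {
        echo "owner match is not valid in $chain" >&2
        return 1
    }
    run iptables -A "$chain" -m owner --uid-owner "$uid" -j DROP
}

# On the gateway: the packets arrive from another host, carry no UID, and
# traverse FORWARD rather than OUTPUT. The only per-host handle is the
# source address, so that is what the rule matches on.
gateway_rules() {
    src="$1"
    run iptables -A FORWARD -s "$src" -j DROP
}

demo() {
    uid="$(uid_of fabio "$SAMPLE_PASSWD")"
    echo "# workstation (where fabio's processes run):"
    workstation_rules OUTPUT "$uid"
    echo "# gateway (only sees 192.168.1.10 as the source):"
    gateway_rules 192.168.1.10
}

demo
```

The gateway rule is only as good as the binding between fabio and 192.168.1.10: a static address or DHCP reservation is needed, and anyone else on that host is blocked too, which is exactly the limitation the reply describes.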