Hello,

recently my Debian system prompted this message:

>The "nat" table is not intended for filtering, hence the use of DROP is
>deprecated and will permanently be disabled in the next iptables
>release. Please adjust your scripts.

What I'm doing in the nat table is redirecting the traffic to the tor program (www.torproject.org) listening on local port 9040 to form a transparent proxy. Now, the DROP target makes sure that non-redirected and thus "non-anonymized" packages are impossible.

To distinguish anonymized traffic from normal traffic I do have a special user: 'tor-user' (-m -uid-owner tor-user). The tor program itself is run by the user 'debian-tor'.

The problem: --uid-owner debian-tor does not match the redirected traffic. Meaning, although the traffic is processed by a process owned by a different user, --uid-owner still matches the original user of the data.

My system seems to lack the --cmd-owner match, was this cut out?

I hope you have an idea.

Sebastian R.
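An added example, not part of the original message: a check that scans an iptables-save style dump for DROP rules in the nat table, run against the layout the post describes and against the same policy with the DROP moved to filter/OUTPUT. Both rule sets are constructed for illustration, since the post does not show its actual rules; only the user names and port 9040 come from the post.

```shell
#!/bin/sh
# Constructed sample (iptables-save format): the layout described in the post,
# with the catch-all DROP still sitting in the nat table.
old_rules() {
cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m owner --uid-owner tor-user -j REDIRECT --to-ports 9040
-A OUTPUT -m owner --uid-owner tor-user -j DROP
COMMIT
EOF
}

# Constructed sample: same policy, DROP moved to filter/OUTPUT. nat/OUTPUT runs
# before filter/OUTPUT, so redirected packets arrive there already addressed to
# 127.0.0.1:9040 while still matching the owner tor-user. Tor's own outbound
# sockets belong to debian-tor and are not touched by the tor-user DROP.
new_rules() {
cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m owner --uid-owner tor-user -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 127.0.0.1/32 -p tcp -m owner --uid-owner tor-user -m tcp --dport 9040 -j ACCEPT
-A OUTPUT -m owner --uid-owner tor-user -j DROP
COMMIT
EOF
}

# Read a dump on stdin, print every nat-table rule whose target is DROP,
# and return non-zero if at least one was found.
nat_drops() {
    awk '
        /^\*/ { table = substr($0, 2) }           # "*nat", "*filter", ...
        table == "nat" && /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "DROP") {
                    print; bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

for r in old_rules new_rules; do
    if "$r" | nat_drops; then echo "$r: no DROP in nat"
    else echo "$r: DROP in nat (listed above)"; fi
done
```

On a live system the same function can be fed from `iptables-save` instead of the constructed samples.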