Hi, I'm using the owner module with the following setup for outgoing packets.

-A OUTPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner some-user -j ACCEPT
-A OUTPUT -o eth0 -j LOG --log-uid
-A OUTPUT -j REJECT

The user some-user runs a TCP server and I thought with those rules all packets by the user would be allowed and traffic from other users rejected. But the LOG matches some packets like the following (they are from some-user but have no UID):

IN= OUT=eth0 SRC=... DST=... LEN=130 TOS=0x00 PREC=0x00 TTL=64 ID=44900 DF PROTO=TCP SPT=... DPT=... WINDOW=6432 RES=0x00 ACK URGP=0
IN= OUT=eth0 SRC=... DST=... LEN=1200 TOS=0x00 PREC=0x00 TTL=64 ID=28700 DF PROTO=TCP SPT=... DPT=... WINDOW=6432 RES=0x00 ACK PSH URGP=0

Is this expected and can I drop those packets safely, or is something wrong with my setup?

Thanks for your help,
Simon

-- 
+ privacy is necessary
+ using http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
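As an added example (not part of Simon's message), a small Python parser for lines in the format of his LOG output: it separates entries that carry the UID=/GID= fields --log-uid adds from those that do not, and tallies the TCP flag sets and source ports of the ownerless entries so they can be examined before any drop rule is written. The sample lines are constructed; only the field layout follows his log.

```python
from collections import Counter
from typing import Dict, List

# Constructed sample LOG lines (not Simon's real ones; addresses and ports are
# made up). Lines 1 and 2 mimic his entries; line 3 shows the UID=/GID= fields
# that --log-uid appends when the kernel knows the sending socket's owner.
SAMPLE_LOG = """\
IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=130 TOS=0x00 PREC=0x00 TTL=64 ID=44900 DF PROTO=TCP SPT=8080 DPT=51234 WINDOW=6432 RES=0x00 ACK URGP=0
IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1200 TOS=0x00 PREC=0x00 TTL=64 ID=28700 DF PROTO=TCP SPT=8080 DPT=51234 WINDOW=6432 RES=0x00 ACK PSH URGP=0
IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=8080 DPT=51235 WINDOW=6432 RES=0x00 ACK SYN URGP=0 UID=1001 GID=1001
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


def parse_log_line(line: str) -> Dict[str, object]:
    """Split one netfilter LOG line into key=value fields and bare flag tokens."""
    fields: Dict[str, object] = {}
    flags: List[str] = []
    for tok in line.split():
        if "=" in tok:                      # IN=, SRC=..., UID=... (value may be empty)
            key, value = tok.split("=", 1)
            fields[key] = value
        else:                               # DF, ACK, PSH, SYN ... carry no '='
            flags.append(tok)
    fields["tcp_flags"] = ",".join(sorted(f for f in flags if f in TCP_FLAGS))
    return fields


def has_owner(entry: Dict[str, object]) -> bool:
    """--log-uid only prints UID=/GID= when the packet belongs to a socket
    with an owning process; a missing UID means no such socket was attached."""
    return "UID" in entry


def summarize(log_text: str) -> Dict[str, object]:
    """Count owned vs. ownerless entries and tally TCP flag sets and source
    ports of the latter, so unattributed traffic can be inspected first."""
    entries = [parse_log_line(l) for l in log_text.splitlines() if l.strip()]
    ownerless = [e for e in entries if not has_owner(e)]
    return {
        "total": len(entries),
        "owned": len(entries) - len(ownerless),
        "no_owner": len(ownerless),
        "no_owner_flags": dict(Counter(e["tcp_flags"] for e in ownerless)),
        "no_owner_sports": sorted({e["SPT"] for e in ownerless}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Feed it the real journal or dmesg lines (the part after the LOG prefix) to see whether the ownerless entries are confined to the server's listening port and to ACK-only or ACK/PSH segments, or whether other traffic is mixed in.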