Re: Process filtering

Hello,

Yang Zhang wrote:
> Hi, is it possible to filter (local origin/destination) packets on
> process or application? My understanding is that iptables doesn't do
> this, but are there any other system facilities in Linux that make
> this possible? Thanks in advance.

The owner module (xt_owner) matches the owner of the socket:

# iptables -m owner --help
iptables v1.4.4
[...]
owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists


man iptables for more details ;)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
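
Added example, not part of the original message: because the owner match keys on the socket's UID/GID rather than on a process, per-application filtering in practice means running the application under a dedicated account and matching that account in OUTPUT (the match is only valid for locally generated packets, in OUTPUT and POSTROUTING). The UID 1001, port 443, the APP_ chain naming and the restriction to numeric UIDs are assumptions of this sketch; it prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: emit (not apply) an OUTPUT-chain policy that confines one
# dedicated account to a single TCP destination port via the owner match.
# UID, port and the APP_ chain prefix are constructed sample values.

# owner_rules UID[-UID] PORT -> prints iptables commands; returns 1 on bad input
owner_rules() {
    uid=$1 port=$2
    # --uid-owner takes "userid" or "userid-userid"; this sketch accepts
    # numeric forms only, so nothing unexpected reaches the command line.
    case $uid in
        ''|*[!0-9-]*|-*|*-|*-*-*) echo "bad uid: $uid" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }

    chain="APP_$(echo "$uid" | tr - _)"
    # One chain per account keeps the policy easy to audit and replace.
    echo "iptables -N $chain"
    # Hook from OUTPUT: only locally generated packets have a socket owner.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
    # Allow loopback and the single permitted service, log and reject the rest.
    echo "iptables -A $chain -o lo -j RETURN"
    echo "iptables -A $chain -p tcp --dport $port -j RETURN"
    echo "iptables -A $chain -j LOG --log-prefix \"owner-deny uid=$uid \""
    echo "iptables -A $chain -j REJECT"
}

# Print the rule set for the sample account.
owner_rules 1001 443
```

Anything else running under the same UID shares the policy, so the account should be used by that one application only.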

