Looking at the Packet Filtering HOWTO, it describes an owner extension that should allow you to match based on uid, gid, pid, and sid. However, when I try to use the pid matching I get the following error:

    bash$ sudo iptables -A OUTPUT -p TCP -m owner --pid-owner 1001 -j MARK --set-mark 91
    >> iptables v1.4.1.1: Unknown arg `--pid-owner'

It appears that pid-owner is no longer a supported option:

    bash$ sudo iptables -m owner --help
    >>....
    >> owner match options:
    [!] --uid-owner userid[-userid]    Match local UID
    [!] --gid-owner groupid[-groupid]  Match local GID
    [!] --socket-exists                Match if socket exists

Is there any way to get a pid matcher anymore?

What I'm trying to do is to force all traffic generated by a particular process to use a virtual interface eth0:1. My current approach is to first --set-mark all such packets with iptables and then route them using ip rule.
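The mark-then-route approach described above, as an added example that is not part of the original post: it swaps the unavailable --pid-owner for the --uid-owner match listed in the help output, which assumes the process runs under a dedicated UID. The function name, UID, table number and addresses are constructed placeholders; the function only prints the commands and applies nothing.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the rule set for
# "mark by owner, then route by mark"; review the output before running
# it as root. Assumption: the process runs under its own dedicated UID.

# owner_route_cmds UID MARK TABLE SRC_ADDR GATEWAY DEV
owner_route_cmds() {
    uid=$1 mark=$2 table=$3 src=$4 gw=$5 dev=$6

    # Accept only plain numbers and dotted addresses so the printed
    # commands cannot carry shell metacharacters.
    for v in "$uid" "$mark" "$table"; do
        case "$v" in
            ''|*[!0-9]*) echo "uid, mark and table must be numeric" >&2; return 1 ;;
        esac
    done
    for v in "$src" "$gw"; do
        case "$v" in
            ''|*[!0-9.]*) echo "addresses must be dotted IPv4" >&2; return 1 ;;
        esac
    done
    case "$dev" in
        ''|*[!A-Za-z0-9._-]*) echo "bad device name" >&2; return 1 ;;
    esac

    # 1. MARK is only valid in the mangle table; marking in OUTPUT makes
    #    the kernel redo the routing lookup for locally generated packets.
    printf '%s\n' "iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner $uid -j MARK --set-mark $mark"
    # 2. Packets carrying the mark consult a separate routing table.
    printf '%s\n' "ip rule add fwmark $mark table $table"
    # 3. That table sends everything out via the chosen device. An alias
    #    such as eth0:1 is a second address on eth0, so DEV is eth0.
    printf '%s\n' "ip route add default via $gw dev $dev table $table"
    # 4. The source address was picked before the mark was set, so it is
    #    rewritten to the alias address on the way out.
    printf '%s\n' "iptables -t nat -A POSTROUTING -m mark --mark $mark -j SNAT --to-source $src"
}

# Constructed sample values; mark 91 is the one used in the post.
owner_route_cmds 1001 91 100 192.0.2.10 192.0.2.1 eth0
```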