Hi,
2009/10/21 Pascal Hambourg <[email protected]>

> > If I set:
> > -A OUTPUT -d <IP> -m owner --uid-owner <username> -j ACCEPT
> >
> > It fails and my logging shows that the rule will be ignored and goes to
> > the deny rule (last rule).
>
> How does it fail ? What is the error message ?
>
Oh, sorry, there is no error.
Iptables seems to accept this rule. I can see it with iptables -S, but it
seems to be ignored, because I can see that the packet is denied by:

-A INPUT -j RULE_8
-A FORWARD -j RULE_8
-A OUTPUT -j RULE_8
-A RULE_8 -j LOG --log-prefix "iptables: RULE 8 -- DENY " --log-level 6
-A RULE_8 -j DROP

This is my last rule.

In the logfile I see:
"Oct 21 08:18:35 firewall kernel: [1108215.699056] iptables: RULE 8 -- DENY
<package content>"

I don't know why, and I don't know how I can see the owner. Is there a switch
for that, maybe on tcpdump?

> > I also read that that match is disabled in newer kernels. I used the Lenny
> > Kernel 2.6.26-2-amd64. Is this option disabled in this kernel and, if so,
> > how can I re-enable that (I did not find it in menuconfig).
>
> AFAIK, only the --cmd-owner, --pid-owner and --sid-owner options have
> been disabled since kernel 2.6.14. The kernel module xt_owner.ko is
> present in the Debian 2.6.26-2-amd64 kernel package, and the library
> libxt_owner.so is present too in the iptables package.
>

OK, thank you. That is good to read. The xt_owner is also loaded.

Greetings,
Björn
-- 
To boldly go where no man has gone before ... I'll wait there with
touristinformation

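The symptom in the thread (the owner rule is listed by `iptables -S` yet every packet ends up in RULE_8) is exactly what happens when a rule is *appended* (`-A OUTPUT`) after the unconditional `-A OUTPUT -j RULE_8`: iptables walks a chain in rule order and stops at the first terminating target, so anything listed after that jump is never evaluated. The script below is an added example, not code from the thread; it parses a small `iptables -S`-style dump and simulates that traversal for a locally generated packet, with the address 192.0.2.10, the user name `bjoern` and the packet itself all constructed for the demonstration. It runs without root and without touching the real firewall.

```python
import shlex

# Targets that end traversal for the packet; RETURN and LOG are handled explicitly.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(dump):
    """Parse a subset of `iptables -S` output into {chain: {"policy", "rules"}}.

    Only the options used in the thread are understood (-P, -N, -A, -d,
    -m owner --uid-owner, -j and the LOG options); anything else raises.
    """
    chains = {}

    def chain(name):
        return chains.setdefault(name, {"policy": "RETURN", "rules": []})

    for line in dump.strip().splitlines():
        tok = shlex.split(line)                 # keeps the quoted --log-prefix as one token
        if tok[0] == "-P":                      # -P CHAIN POLICY
            chain(tok[1])["policy"] = tok[2]
        elif tok[0] == "-N":                    # -N CHAIN (user-defined chain)
            chain(tok[1])
        elif tok[0] == "-A":                    # -A CHAIN [matches] -j TARGET
            rule = {"dst": None, "uid": None, "target": None, "text": line}
            i = 2
            while i < len(tok):
                opt, arg = tok[i], tok[i + 1]
                if opt == "-d":
                    rule["dst"] = arg
                elif opt == "--uid-owner":
                    rule["uid"] = arg
                elif opt == "-j":
                    rule["target"] = arg
                elif opt in ("-m", "--log-prefix", "--log-level"):
                    pass                        # module name / LOG options: no match effect
                else:
                    raise ValueError("unsupported option %r in %r" % (opt, line))
                i += 2
            chain(tok[1])["rules"].append(rule)
        else:
            raise ValueError("unsupported line: %r" % line)
    return chains


def matches(rule, pkt):
    """A rule matches when every match it carries agrees with the packet."""
    if rule["dst"] is not None and rule["dst"] != pkt["dst"]:
        return False
    if rule["uid"] is not None and rule["uid"] != pkt["uid"]:
        return False
    return True


def walk(chains, name, pkt):
    """Traverse chain `name` in rule order, the way the kernel does.

    Returns (verdict, rule_text) for the first terminating rule hit, or None
    if the chain ran to its end without a verdict (implicit RETURN).
    """
    for rule in chains[name]["rules"]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in TERMINATING:
            return target, rule["text"]
        if target == "RETURN":
            return None
        if target == "LOG":
            continue                            # LOG is non-terminating: log, then go on
        if target in chains:                    # jump into a user-defined chain
            result = walk(chains, target, pkt)
            if result is not None:
                return result
            continue                            # the user chain returned: keep walking here
        raise ValueError("unknown target %r" % target)
    return None


def verdict(chains, name, pkt):
    """Verdict for a locally generated packet entering built-in chain `name`."""
    result = walk(chains, name, pkt)
    if result is None:
        return chains[name]["policy"], "chain policy"
    return result


# Constructed rule set: the RULE_8 catch-all from the thread, with the owner rule
# APPENDED after the unconditional jump (what `iptables -A OUTPUT ...` produces).
APPENDED = """
-P OUTPUT ACCEPT
-N RULE_8
-A OUTPUT -j RULE_8
-A OUTPUT -d 192.0.2.10 -m owner --uid-owner bjoern -j ACCEPT
-A RULE_8 -j LOG --log-prefix "iptables: RULE 8 -- DENY " --log-level 6
-A RULE_8 -j DROP
"""

# Same rules with the owner rule placed BEFORE the jump (what
# `iptables -I OUTPUT 1 ...` would give instead of `-A OUTPUT ...`).
INSERTED = """
-P OUTPUT ACCEPT
-N RULE_8
-A OUTPUT -d 192.0.2.10 -m owner --uid-owner bjoern -j ACCEPT
-A OUTPUT -j RULE_8
-A RULE_8 -j LOG --log-prefix "iptables: RULE 8 -- DENY " --log-level 6
-A RULE_8 -j DROP
"""

PKT = {"dst": "192.0.2.10", "uid": "bjoern"}   # constructed sample packet


def demo():
    """Verdict for PKT under both orderings: appended -> DROP, inserted -> ACCEPT."""
    return {
        "appended": verdict(parse_rules(APPENDED), "OUTPUT", PKT)[0],
        "inserted": verdict(parse_rules(INSERTED), "OUTPUT", PKT)[0],
    }


if __name__ == "__main__":
    for label, text in (("appended", APPENDED), ("inserted", INSERTED)):
        v, rule = verdict(parse_rules(text), "OUTPUT", PKT)
        print("%-8s -> %-6s by: %s" % (label, v, rule))
```

On a real box the same check is `iptables -L OUTPUT -v -n --line-numbers`: the position shows whether the owner rule sits above or below the `RULE_8` jump, and the per-rule packet counters show which rule is actually consuming the traffic (a counter of 0 on the ACCEPT rule with a rising counter on the jump is the appended case). Two further points the simulation reflects: the owner match is only valid in the OUTPUT and POSTROUTING chains, because only locally generated packets have an owning socket, and LOG does not record the owner unless the LOG target is given `--log-uid`, which is the closest answer to the "how can I see the owner" question in the thread.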