Покотиленко Костик wrote:
> On Sun, 11/11/2007 at 10:54 +0300, Mikhail A Antonov wrote:
> > # man iptables
> ...
> owner
>     This module attempts to match various characteristics of the
>     packet creator, for locally-generated packets. It is only valid
>     in the OUTPUT chain, and even this some packets (such as ICMP
>     ping responses) may have no owner, and hence never match.
>
>     --uid-owner userid
>         Matches if the packet was created by a process with the
>         given effective user id.
>
>     --gid-owner groupid
>         Matches if the packet was created by a process with the
>         given effective group id.
>
>     --pid-owner processid
>         Matches if the packet was created by a process with the
>         given process id.
>
>         (Please note: This option requires kernel support that
>         might not be available in official Linux kernel sources or
>         Debian's packaged Linux kernel sources. And if support for
>         this option is available for the specific Linux kernel
>         source version, that support might not be enabled in the
>         current Linux kernel binary.)
>
>     --sid-owner sessionid
>         Matches if the packet was created by a process in the
>         given session group.
>
>         (Please note: This option requires kernel support that
>         might not be available in official Linux kernel sources or
>         Debian's packaged Linux kernel sources. And if support for
>         this option is available for the specific Linux kernel
>         source version, that support might not be enabled in the
>         current Linux kernel binary.)
>
>     --cmd-owner name
>         Matches if the packet was created by a process with the
>         given command name.
>
>         (Please note: This option requires kernel support that
>         might not be available in official Linux kernel sources or
>         Debian's packaged Linux kernel sources. And if support for
>         this option is available for the specific Linux kernel
>         source version, that support might not be enabled in the
>         current Linux kernel binary.)
>
>     NOTE: pid, sid and command matching are broken on SMP
> ..

# iptables -t nat -A OUTPUT -m owner --pid-owner 4699
iptables: Invalid argument

dmesg | tail -1
ipt_owner: pid, sid and command matching not supported anymore

Kernel 2.6.22.
I was digging into this myself recently.
Maybe it is somewhere in the unofficial patches? Or does the Debian kernel not support it ...

