On Fri, Dec 04, 2009 at 08:21:58PM -0000, ceg wrote:
>
> iptables (and the kernel probably) are not compiled with support for pid and
> cmd filtering.
> So it can not grant connections only for selected processes or commands.
>
> --pid-owner processid
>     Matches if the packet was created by a process with
>     the given process id.
>
> --sid-owner sessionid
>     Matches if the packet was created by a process in
>     the given session group.
>
> --cmd-owner name
>     Matches if the packet was created by a process with
>     the given command name. (this option is present
>     only if iptables was compiled under a kernel supporting
>     this feature)
Support for this was dropped in the upstream kernel in 2005.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=34b4a4a624bafe089107966a6c56d2a1aca026d4

status wontfix

To be honest, I've never understood the use of these anyway. PIDs and SIDs are transient. Why would anyone do firewalling based on them?

--
PID and CMD filtering missing
https://bugs.launchpad.net/bugs/492612
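As an added illustration (not part of the bug report or the reply above), the owner match options that did survive the 2005 removal are --uid-owner and --gid-owner, so the usual way to confine outbound traffic to one process today is to run that process under a dedicated account and match on its uid. The script below is a constructed example: the chain name SVC_EGRESS, the uid 1001 and the destination port 443 are assumptions for illustration, not values from the bug. It prints the rules by default and only applies them with iptables when run as root with --apply.

```sh
#!/bin/sh
# Added example: confine egress to one service account with the iptables
# owner match (-m owner --uid-owner). --pid-owner/--cmd-owner were removed
# from the kernel in 2005, so a stable uid is the identity to match on.
# CHAIN name, the uid and the port are assumptions for illustration.

CHAIN="${CHAIN:-SVC_EGRESS}"

# owner_rules UID [DPORT]
# Print one iptables argument list per line: everything the uid sends
# is diverted to $CHAIN, which allows loopback, replies to existing
# flows and new TCP connections to DPORT, and logs + rejects the rest.
owner_rules() {
    uid="$1"
    port="${2:-443}"
    case "$uid" in
        ''|*[!0-9]*)
            echo "owner_rules: uid must be numeric, got '$uid'" >&2
            return 1
            ;;
    esac
    cat <<EOF
-N $CHAIN
-A OUTPUT -m owner --uid-owner $uid -j $CHAIN
-A $CHAIN -o lo -j ACCEPT
-A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A $CHAIN -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A $CHAIN -j LOG --log-prefix ${CHAIN}_drop:
-A $CHAIN -j REJECT --reject-with icmp-port-unreachable
EOF
}

# apply_rules UID [DPORT]
# Feed each printed line to iptables; requires root and an iptables binary.
apply_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables >/dev/null 2>&1; then
        echo "apply_rules: need root and iptables on PATH" >&2
        return 1
    fi
    owner_rules "$@" | while read -r line; do
        # word splitting of $line into separate iptables arguments is intended
        iptables $line || exit 1
    done
}

# Usage: sh egress-owner.sh [--apply] UID [DPORT]
main() {
    if [ "$1" = "--apply" ]; then
        shift
        apply_rules "$@"
    else
        owner_rules "$@"
    fi
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The LOG rule before the REJECT is what makes this useful for detection: any connection attempt by that account outside the allowed port shows up in the kernel log with the SVC_EGRESS_drop: prefix, which is easy to alert on.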
