.\" Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000
This module attempts to match various characteristics of the packet
creator, for locally-generated packets. It is only valid in the
.B OUTPUT
chain, and even then some packets (such as ICMP ping responses) may
have no owner, and hence never match.
.TP
.BI "--uid-owner " "userid"
Matches if the packet was created by a process with the given
effective user id.
.TP
.BI "--gid-owner " "groupid"
Matches if the packet was created by a process with the given
effective group id.
.TP
.BI "--pid-owner " "processid"
Matches if the packet was created by a process with the given
process id.
.TP
.BI "--sid-owner " "sessionid"
Matches if the packet was created by a process in the given session
group.
.TP
.BI "--cmd-owner " "name"
Matches if the packet was created by a process with the given command name.
(This option is present only if iptables was compiled under a kernel
supporting this feature.)
.\" Patrick McHardy | 373f8e9 | 2004-10-03 20:36:54 +0000
.TP
.B NOTE: pid, sid and command matching are broken on SMP
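
Added example, not part of the original manual page or the iptables project: a shell function that prints iptables-restore input confining one local account's outbound TCP traffic with --uid-owner. The function name, the uid 1001 and the port list are constructed for illustration, the numeric-only uid check is an assumption of this example, and only uid matching is used because of the SMP note above.

```shell
#!/bin/sh
# Added example: print iptables-restore input that confines one local
# account's outbound traffic with the owner match. Nothing is applied.

# owner_egress_rules UID PORT...   (hypothetical helper, not an iptables tool)
#   UID   numeric effective user id to confine
#   PORT  TCP destination ports that account may still reach
owner_egress_rules() {
    uid=$1
    shift
    # Validate everything first so no partial ruleset is ever printed and
    # no argument can smuggle extra options into a rule line.
    for arg in "$uid" "$@"; do
        case $arg in
            ''|*[!0-9]*)
                echo "owner_egress_rules: not a number: $arg" >&2
                return 1 ;;
        esac
    done
    echo '*filter'
    # The owner match is only valid in OUTPUT, so every rule lives there.
    echo ':OUTPUT ACCEPT [0:0]'
    # Keep loopback open so the account can reach local services.
    echo "-A OUTPUT -o lo -m owner --uid-owner $uid -j ACCEPT"
    for port in "$@"; do
        echo "-A OUTPUT -p tcp --dport $port -m owner --uid-owner $uid -j ACCEPT"
    done
    # Anything else created by this uid is rejected. Packets with no owner
    # (such as ICMP ping responses) never match these rules and fall
    # through to the chain policy.
    echo "-A OUTPUT -m owner --uid-owner $uid -j REJECT"
    echo 'COMMIT'
}

# Constructed sample: uid 1001 may only reach TCP ports 80 and 443.
owner_egress_rules 1001 80 443
```

The output can be checked with iptables-restore --test before it is loaded.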