| Jan Engelhardt | 5c5cd88 | 2008-01-20 13:21:38 +0000 | [diff] [blame] | 1 | This module attempts to match various characteristics of the packet creator, |
| 2 | for locally generated packets. This match is only valid in the OUTPUT and |
| 3 | POSTROUTING chains. Forwarded packets do not have any socket associated with |
| 4 | them. Packets from kernel threads do have a socket, but usually no owner. |
| 5 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 6 | [\fB!\fP] \fB\-\-uid\-owner\fP \fIusername\fP |
| Jan Engelhardt | 5c5cd88 | 2008-01-20 13:21:38 +0000 | [diff] [blame] | 7 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 8 | [\fB!\fP] \fB\-\-uid\-owner\fP \fIuserid\fP[\fB\-\fP\fIuserid\fP] |
| Jan Engelhardt | 1a756e9 | 2008-02-11 00:57:18 +0100 | [diff] [blame] | 9 | Matches if the packet socket's file structure (if it has one) is owned by the |
| 10 | given user. You may also specify a numerical UID, or an UID range. |
| 11 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 12 | [\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupname\fP |
| Jan Engelhardt | 1a756e9 | 2008-02-11 00:57:18 +0100 | [diff] [blame] | 13 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 14 | [\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupid\fP[\fB\-\fP\fIgroupid\fP] |
| Jan Engelhardt | 1a756e9 | 2008-02-11 00:57:18 +0100 | [diff] [blame] | 15 | Matches if the packet socket's file structure is owned by the given group. |
| 16 | You may also specify a numerical GID, or a GID range. |
| Jan Engelhardt | 5c5cd88 | 2008-01-20 13:21:38 +0000 | [diff] [blame] | 17 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 18 | [\fB!\fP] \fB\-\-socket\-exists\fP |
| Jan Engelhardt | 5c5cd88 | 2008-01-20 13:21:38 +0000 | [diff] [blame] | 19 | Matches if the packet is associated with a socket. |