Re: creating rules regarding to a command name

March 5, 2006, 12:14,
LeVA
debian-firewall@lists.debian.org
March 5, 2006, 12:02,
Stephan Balmer
debian-firewall@lists.debian.org
> > > > I want to create a rule with iptables, which applies to any traffic
> > > > which is created by a given command name. Is this possible?
> > >
> > > I mean I want to mark the packets created for example by the 'telnet'
> > > executable.
> >
> > Try the owner match
> >  
> > http://iptables-tutorial.frozentux.net/iptables-tutorial.html#OWNERMATCH
> > and make sure you have the ipt_owner module loaded
> Ooh thanks, sorry, I thought it only works for the owner of a process, the
> user id.
Could anyone tell me please what is wrong with this:

# /sbin/iptables -t mangle -A OUTPUT -m owner --cmd-owner my_exec -j MARK --set-mark 1
iptables: Invalid argument

I have loaded the ipt_owner, iptables_mangle and ipt_MARK modules.

And I have this line in my kernel log:

ipt_owner: pid, sid and command matching not supported anymore

Then why are these options in the man page and in all of the howtos?
Does this mean that I have a kernel with a version of this module which
doesn't support this feature?
$ uname -r



