[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Match owner


2009/10/21 Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
[Sent back on the list. Please pay attention to the recipient address.]

Cory Oldford a écrit :
> Is the traffic originating from a process on the machine with the firewall?

Of course. The OUTPUT chain sees only packets generated by local
processes. This is why the "owner" match is valid only in this chain.

mh ok. Well, the packet IN-if is ppp0 and the OUT-if is eth2. The user is a winbind mapped user-id. 
Last and ac can both map the user-id with the username, so my hope was iptables could this do, too.
So routing-packets have no localuser-owner? 

To boldly go where no man has gone before ... I'll wait there with touristinformation

Reply to: