
Re: blocking internet access for an application



On Mon, 24/10/2005 at 19.42 +0200, Roberto Nicolini wrote:

> 2) where to find more info on this particular point, given that the output of
> man iptables | grep owner
> is empty.

I think you should update iptables. Or not use the Italian manpages,
which are often out of date.
This is from etch:


 owner
       This module attempts to match various characteristics of the packet
       creator, for locally-generated packets. It is valid in the INPUT,
       OUTPUT and POSTROUTING chains, however in the INPUT chain only TCP
       and UDP packets can be matched. Also note that some packets (such as
       ICMP ping responses) may have no owner, and hence never match.

       --uid-owner userid
              Matches if the packet was created by a process with the given
              effective user id.

       --gid-owner groupid
              Matches if the packet was created by a process with the given
              effective group id.

       --pid-owner processid
              Matches if the packet was created by a process with the given
              process id.

       --sid-owner sessionid
              Matches if the packet was created by a process in the given
              session group.

       --cmd-owner name
              Matches if the packet was created by a process with the given
              command name.  (this option is present only if iptables was
              compiled under a kernel supporting this feature)

       NOTE: pid, sid and command matching are broken on SMP



-- 
Alessandro Pellizzari
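
Added example, not part of the original message: since the manpage excerpt marks pid, sid and command matching as broken on SMP, this sketch confines an application through a dedicated group and `--gid-owner`, then audits the rule order in `iptables -S OUTPUT` text. The group name `nonet`, the gid 1001 and both function names are assumptions.

```shell
#!/bin/sh
# Added example. "nonet" and gid 1001 are assumed names/values, not from the thread.
# Intended use: groupadd nonet; apply the printed rules as root; then start the
# application with: sg nonet -c 'some-command'

# Print the OUTPUT rules that cut a group off from the network.
# Nothing is executed here: review the text before running it as root.
nonet_rules() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    # Keep loopback open so local services on 127.0.0.1 still work.
    printf 'iptables -A OUTPUT -o lo -m owner --gid-owner %s -j ACCEPT\n' "$1"
    printf 'iptables -A OUTPUT -m owner --gid-owner %s -j REJECT\n' "$1"
}

# Read `iptables -S OUTPUT` text on stdin and check rule order for a numeric gid.
# Prints "blocked", "shadowed" (an earlier ACCEPT not limited to lo may let the
# packet out first; deliberately conservative) or "missing" (no DROP/REJECT
# rule for that gid).
audit_output_chain() {
    awk -v gid="$1" '
        $1 != "-A" { next }
        {
            owner = 0; target = ""; lo = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--gid-owner" && $(i+1) == gid) owner = 1
                if ($i == "-j") target = $(i+1)
                if ($i == "-o" && $(i+1) == "lo" && $(i-1) != "!") lo = 1
            }
            if (owner && (target == "DROP" || target == "REJECT")) {
                print (bypass ? "shadowed" : "blocked"); done = 1; exit
            }
            if (target == "ACCEPT" && !lo) bypass = 1
        }
        END { if (!done) print "missing" }
    '
}
```
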