Re: block a program from access the Internet.
On 9/9/13 3:14 PM, atar wrote:> Thanks for replying!
>
> Unfortunately, when invoking the 'iptables' command with the arguments
> you've suggested, the program says:
>
>> iptables v1.4.14: unknown option "--cmd-owner"
>> Try `iptables -h' or 'iptables --help' for more information.
>
> Regards!
>
> atar.
>
>
My mistake. It seems that the tutorial is way out of date.
$ iptables -m owner --help
...
owner match options:
[!] --uid-owner userid[-userid] Match local UID
[!] --gid-owner groupid[-groupid] Match local GID
[!] --socket-exists Match if socket exists
So it looks like cmd-owner is no longer used. Apparmor or SELinux
mentioned by Claudius are the next things to try, though they are more
complex.
Regards,
/Lars
Reply to: