
Re: block a program from access the Internet.



On 9/9/13 3:14 PM, atar wrote:
> Thanks for replying!
>
> Unfortunately, when invoking the 'iptables' command with the arguments
> you've suggested, the program says:
>
>> iptables v1.4.14: unknown option "--cmd-owner"
>> Try `iptables -h' or 'iptables --help' for more information.
>
> Regards!
>
> atar.
>
>
My mistake.  It seems that the tutorial is way out of date.

$ iptables -m owner --help
...
owner match options:
[!] --uid-owner userid[-userid]		Match local UID
[!] --gid-owner groupid[-groupid] 	Match local GID
[!] --socket-exists 			Match if socket exists

So it looks like cmd-owner is no longer used.  AppArmor or SELinux
mentioned by Claudius are the next things to try, though they are more
complex.

Regards,
/Lars
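
An added example, not part of the message above: a POSIX shell sketch that checks the owner match help text for an option before planning a per-group egress block with `--gid-owner`, which the help output above still lists. The function names and the group name `noinet` are hypothetical; the commands are printed for review, not executed.

```sh
#!/bin/sh
# Help text as quoted in the message above; stands in for live output in tests.
SAMPLE_HELP='owner match options:
[!] --uid-owner userid[-userid]    Match local UID
[!] --gid-owner groupid[-groupid]  Match local GID
[!] --socket-exists                Match if socket exists'

# owner_supports OPTION HELP_TEXT
# Succeeds only if HELP_TEXT lists OPTION as a whole word.
owner_supports() {
    printf '%s\n' "$2" | grep -Eq -- "(^|[[:space:]])$1([[:space:]]|\$)"
}

# plan_block GROUP HELP_TEXT
# Prints (does not run) the commands that reject non-loopback outbound
# traffic from processes whose effective group is GROUP.
plan_block() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*)
            echo "invalid group name: $1" >&2
            return 2 ;;
    esac
    if ! owner_supports --gid-owner "$2"; then
        echo "owner match lacks --gid-owner; use AppArmor or SELinux" >&2
        return 1
    fi
    printf '%s\n' \
        "groupadd --system $1" \
        "iptables -A OUTPUT ! -o lo -m owner --gid-owner $1 -j REJECT" \
        "ip6tables -A OUTPUT ! -o lo -m owner --gid-owner $1 -j REJECT"
}

# Stand-alone use: sh plan.sh GROUP  (reads the live help text from iptables)
if [ $# -ge 1 ]; then
    live_help=$(iptables -m owner --help 2>/dev/null || true)
    plan_block "$1" "$live_help"
fi
```

The rule matches a socket's effective group, so the program has to be started under that group (for example with `sg noinet -c '<program>'`) instead of only holding it as a supplementary group.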

