Re: block a program from access the Internet.
On 09.09.2013 14:58, ken wrote:
> On 09/09/2013 05:54 AM Lars Noodén wrote:
>> On 9/9/13 3:14 PM, atar wrote:
>>> Thanks for replying!
>>>
>>> Unfortunately, when invoking the 'iptables' command with the arguments
>>> you've suggested, the program says:
>>>
>>>> iptables v1.4.14: unknown option "--cmd-owner"
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>
>>> Regards!
>>>
>>> atar.
>>>
>>>
>> My mistake. It seems that the tutorial is way out of date.
>>
>> $ iptables -m owner --help
>> ...
>> owner match options:
>> [!] --uid-owner userid[-userid] Match local UID
>> [!] --gid-owner groupid[-groupid] Match local GID
>> [!] --socket-exists Match if socket exists
>>
>> So it looks like cmd-owner is no longer used. Apparmor or SELinux
>> mentioned by Claudius are the next things to try, though they are more
>> complex.
>
> Hmmm. I get this:
>
> # iptables -V
> iptables v1.3.5
> # iptables -m owner --help
> ...
> OWNER match v1.3.5 options:
> [!] --uid-owner userid Match local uid
> [!] --gid-owner groupid Match local gid
> [!] --pid-owner processid Match local pid
> [!] --sid-owner sessionid Match local sid
> [!] --cmd-owner name Match local command name
> NOTE: pid, sid and command matching are broken on SMP
One possible explanation might be SMP:
$ uname -a
Linux debian 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2+deb7u2 i686 GNU/Linux
Regards,
/Lars
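The thread establishes that `--cmd-owner` is gone from iptables 1.4.x (and was unreliable on SMP even in 1.3.5), but never gets as far as a rule that works with what is left. The following is an added example, not code posted by Lars, ken or atar: it probes the owner-match help text for the legacy option and builds the equivalent block with `--uid-owner`, which requires starting the program under its own unprivileged account. The account name `nonet`, the function names and the `DRY_RUN` switch are assumptions made for this example; `iptables`, `ip6tables`, `useradd` and `sudo -u` are the real tools.

```shell
#!/bin/sh
# Added example, not code from the thread: block one program's outbound
# traffic with the owner-match option that still exists (--uid-owner),
# since --cmd-owner was removed from the owner match in iptables 1.4.x.
# Assumption: the program is launched under a dedicated unprivileged
# account (the hypothetical "nonet") so every socket it opens carries
# that UID, which is what the kernel's owner match keys on.

# Return 0 if the given `iptables -m owner --help` text still lists the
# legacy --cmd-owner option, 1 otherwise (so a script can tell a 1.3.x
# box from a 1.4.x one before choosing a rule style).
owner_help_has_cmd_owner() {
    printf '%s\n' "$1" | grep -q -- '--cmd-owner'
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
# Arguments are passed as an argv, never re-parsed through a shell.
rule() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit the OUTPUT rules for one user. $1 = user name or numeric UID,
# $2 = iptables binary (default iptables; pass ip6tables for IPv6).
# -I places the rules ahead of any blanket ACCEPT already in OUTPUT; the
# REJECT is inserted first so the loopback ACCEPT inserted after it ends
# up on top and is evaluated first.
owner_block_rules() {
    user=$1
    bin=${2:-iptables}
    # REJECT rather than DROP: the program fails immediately instead of
    # hanging on timeouts, which also makes the block easy to verify.
    rule "$bin" -I OUTPUT -m owner --uid-owner "$user" -j REJECT
    # Loopback stays open so local-only services (a DNS cache, a local
    # proxy, X over TCP) keep working for that account.
    rule "$bin" -I OUTPUT -o lo -m owner --uid-owner "$user" -j ACCEPT
}

# Stand-alone run: show what would be applied for both address families.
if [ "${DRY_RUN:-1}" = 1 ]; then
    owner_block_rules nonet iptables
    owner_block_rules nonet ip6tables
fi
```

To use it: `sudo useradd --system --shell /usr/sbin/nologin nonet`, then `DRY_RUN=0 sudo sh -c '. ./owner-block.sh; owner_block_rules nonet; owner_block_rules nonet ip6tables'`, and start the program with `sudo -u nonet -- /path/to/program`. Two caveats a practitioner should keep in mind: the owner match only sees locally generated packets, so it lives in OUTPUT (or POSTROUTING) and does nothing for connections arriving at a socket the program listens on; and anything the program runs as another user (a setuid helper, a root daemon it talks to over a local socket) is outside the match. `--gid-owner` works the same way if you would rather put the account in a group. For a per-executable policy that does not depend on which user runs the binary, AppArmor or SELinux, as Claudius suggested, is the right tool.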