netfilter on bullseye: matching executable name or pid with nftables

To: Debian User <debian-user@lists.debian.org>
Subject: netfilter on bullseye: matching executable name or pid with nftables
From: André Rodier <andre@rodier.me>
Date: Sun, 13 Feb 2022 11:01:52 +0000
Message-id: <[🔎] fe6acaa9-294e-6743-6c2e-b363205a399f@rodier.me>

Hi,

With iptables, I was able to use the match extension, and create rulesper program or pid, for isntance:


iptables -A OUTPUT --match owner -p tcp --cmd-owner tinyproxy -j ACCEPT
iptables -A OUTPUT --match owner -p tcp --pid-owner 4554 -j ACCEPT

How can I achieve the same, on Linux, using nftables, please ?

I am using Debian Bullseye

Thanks.

--
𝓐𝓡 - 𝐴𝑛𝑑𝑟𝑒 𝑅𝑜𝑑𝑖𝑒𝑟

Reply to:

Follow-Ups:
- Re: netfilter on bullseye: matching executable name or pid with nftables
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: Uninstalling a package removes other essential packages: What is the best course of action?
Next by Date: Re: Request free live CD
Previous by thread: Re: telegram package upgrade
Next by thread: Re: netfilter on bullseye: matching executable name or pid with nftables
Index(es):
- Date
- Thread