* pid-owner matcher
@ 2009-10-06 20:17 Vlad
From: Vlad @ 2009-10-06 20:17 UTC
  To: netfilter

Looking at the Packet Filtering HOWTO, it describes an owner extension
that should allow you to match based on uid, gid, pid, and sid. However,
when I try to use the pid matching I get the following error:

bash$ sudo iptables -A OUTPUT -p TCP -m owner --pid-owner 1001 -j MARK --set-mark 91
>> iptables v1.4.1.1: Unknown arg `--pid-owner'

It appears that pid-owner is no longer a supported option:
bash$ sudo iptables -m owner --help
>>....
>> owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists

Is there any way to get a pid matcher anymore? What I'm trying to do is
to force all traffic generated by a particular process to use a virtual
interface eth0:1. My current approach is to first --set-mark all such
packets with iptables and then route them using ip rule.
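
The mark-then-route approach described in the message, written out as an added example that is not part of the original post. It swaps the removed --pid-owner for the --uid-owner option that the help output above still lists, assuming the process is started under a dedicated UID; the function names, table number, addresses and device are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-UID policy routing. All values passed in are constructed
# placeholders (192.0.2.0/24 is a documentation range).
# DRY_RUN=1 (the default) prints the commands instead of running them as root.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_uid_routing UID MARK TABLE SRC_ADDR GATEWAY DEV
setup_uid_routing() {
    uid=$1 mark=$2 table=$3 src=$4 gw=$5 dev=$6

    # Validate numeric arguments so nothing unexpected reaches iptables/ip.
    for n in "$uid" "$mark" "$table"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done

    # 1. Mark locally generated packets owned by the UID. The MARK target is
    #    only valid in the mangle table; a mark change in mangle/OUTPUT also
    #    makes the kernel redo the routing lookup.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" \
        -j MARK --set-mark "$mark"

    # 2. Send marked packets to a dedicated routing table.
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default via "$gw" dev "$dev" table "$table"

    # 3. The source address was chosen before the reroute, so rewrite it
    #    to the alias address on the way out.
    run iptables -t nat -A POSTROUTING -m mark --mark "$mark" \
        -j SNAT --to-source "$src"
}
```

Calling setup_uid_routing with DRY_RUN=0 as root applies the rules; the default only prints them for review.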

