command owner match support

All of lore.kernel.org
 help / color / mirror / Atom feed

* command owner match support
@ 2006-01-05  6:56 Ryan L
  2006-01-06 13:31 ` Nick Drage
  0 siblings, 1 reply; 3+ messages in thread
From: Ryan L @ 2006-01-05  6:56 UTC (permalink / raw)
  To: netfilter

I'm trying to block specific applications through iptables. However I
keep getting the following error message: Jan  4 22:44:05 thor
ipt_owner: pid, sid and command matching not supported anymore
Is there any way to add this back into the newer kernels or to do this
without it?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: command owner match support
  2006-01-05  6:56 command owner match support Ryan L
@ 2006-01-06 13:31 ` Nick Drage
       [not found]   ` <43BF214A.4050801@lists.netfilter.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Nick Drage @ 2006-01-06 13:31 UTC (permalink / raw)
  To: netfilter

On Thu, Jan 05, 2006 at 12:56:38 -0600, Ryan L wrote:

> I'm trying to block specific applications through iptables. However I
> keep getting the following error message: Jan  4 22:44:05 thor
> ipt_owner: pid, sid and command matching not supported anymore Is
> there any way to add this back into the newer kernels or to do this
> without it?

I'm not seeing that message when I try and use --cmd-owner or
--pid-owner, I just get "iptables: Invalid argument".  However the
commands are listed in the output of "iptables --owner --help" for
IPTables 1.3.3.

I can only presume that that functionality has silently "gone away".  I
can't see anything on mailing lists or in the netfilter documentation,
are there any references for when this was removed, or why, or what it
should be replaced with, if anything?

-- 
When the going gets tough, the tough call for close air support.


^ permalink raw reply	[flat|nested] 3+ messages in thread

[parent not found: <43BF214A.4050801@lists.netfilter.org>]

[parent not found: <20060107140410.GK7546@metastasis.org.uk>]

* Re: command owner match support
       [not found]     ` <20060107140410.GK7546@metastasis.org.uk>
@ 2006-01-07 16:58       ` Ryan L
  0 siblings, 0 replies; 3+ messages in thread
From: Ryan L @ 2006-01-07 16:58 UTC (permalink / raw)
  To: netfilter

Nick Drage wrote:

>On Fri, Jan 06, 2006 at 08:02:50 -0600, drseus88@gmail.com wrote:
>  
>
>>Nick Drage wrote:
>>    
>>
>>>On Thu, Jan 05, 2006 at 12:56:38 -0600, Ryan L wrote:
>>>      
>>>
>
>Hi,
>
>  
>
>>I have found nothing about why it was removed or it should be replaced
>>with either. That is the main thing I'm trying to find out. The
>>message you get is the same as what I get when running the command in
>>console.  But if you check /var/log/messages right afterward, it will
>>show the message I posted. Sorry. I should have clarified that a bit
>>more. Also, I'm using iptables 1.3.4 with a 2.6.14 kernel.
>>    
>>
>
>It's very weird that it's just vanished.  Please post me this reply but
>to the mailing list just so everyone can see it, and then I'll send off
>an email to the developers, see if we can get a response.
>
>Thanks.
>
>  
>
Oh, did you mean like this?

Ok this is how it went in order:
> 1) Run: iptables -I OUTPUT -m owner --cmd-owner firefox -j LOG
> 2) It gives me this message: "iptables: Invalid argument"
> 3) Check /var/log/messages
> 4) It shows the following message:  "Jan 4 22:44:05 thor > ipt_owner: 
> pid, sid and command matching not supported anymore"
> 5) I say "WTF!?"




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2006-01-07 16:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-01-05  6:56 command owner match support Ryan L
2006-01-06 13:31 ` Nick Drage
     [not found]   ` <43BF214A.4050801@lists.netfilter.org>
     [not found]     ` <20060107140410.GK7546@metastasis.org.uk>
2006-01-07 16:58       ` Ryan L

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.