* Process filtering
From: Yang Zhang @ 2009-09-14 19:38 UTC (permalink / raw)
To: netfilter
Hi, is it possible to filter (local origin/destination) packets on
process or application? My understanding is that iptables doesn't do
this, but are there any other system facilities in Linux that make
this possible? Thanks in advance.
--
Yang Zhang
http://www.mit.edu/~y_z/
* Re: Process filtering
From: Julien Vehent @ 2009-09-14 20:00 UTC (permalink / raw)
To: Yang Zhang; +Cc: netfilter
Hello,
Yang Zhang wrote:
> Hi, is it possible to filter (local origin/destination) packets on
> process or application? My understanding is that iptables doesn't do
> this, but are there any other system facilities in Linux that make
> this possible? Thanks in advance.
The owner module (xt_owner) matches the owner of the socket:

    # iptables -m owner --help
    iptables v1.4.4
    [...]
    owner match options:
    [!] --uid-owner userid[-userid]      Match local UID
    [!] --gid-owner groupid[-groupid]    Match local GID
    [!] --socket-exists                  Match if socket exists

man iptables for more details ;)
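
Added example, not part of the original thread: one way to use the owner match described above for per-application filtering, assuming the application runs under its own dedicated account. The account name appuser, the OWNER_<uid> chain name and the log prefix are hypothetical; the owner match is only valid for locally generated packets (OUTPUT and POSTROUTING chains).

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables commands that limit
# one local account's outbound traffic via the owner match; review the output,
# then pipe it to sh as root. Chain name and log prefix are made up here.

owner_rules() {
    # usage: owner_rules <user|uid> <proto/port>...
    who=$1
    [ -n "$who" ] || { echo "usage: owner_rules <user|uid> <proto/port>..." >&2; return 2; }
    shift
    case $who in
        *[!0-9]*) uid=$(id -u "$who" 2>/dev/null) ||
                      { echo "unknown user: $who" >&2; return 1; } ;;
        *)        uid=$who ;;
    esac

    # Validate every destination before printing anything, so a typo never
    # yields a half-built rule set.
    for dest in "$@"; do
        proto=${dest%%/*}
        port=${dest#*/}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $dest" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $dest" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $dest" >&2; return 1; }
    done

    chain="OWNER_$uid"
    echo "iptables -N $chain"
    for dest in "$@"; do
        echo "iptables -A $chain -p ${dest%%/*} --dport ${dest#*/} -j ACCEPT"
    done
    # Record the UID with each denied packet, then refuse it.
    echo "iptables -A $chain -j LOG --log-prefix 'owner-$uid-drop: ' --log-uid"
    echo "iptables -A $chain -j REJECT"
    # The owner match sees only locally generated packets, so hook OUTPUT.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
}

# Constructed invocation: ./owner_rules.sh appuser tcp/443 udp/53
if [ "$#" -gt 0 ]; then owner_rules "$@"; fi
```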