* Process filtering
From: Yang Zhang @ 2009-09-14 19:38 UTC
To: netfilter

Hi, is it possible to filter (local origin/destination) packets on
process or application? My understanding is that iptables doesn't do
this, but are there any other system facilities in Linux that make
this possible? Thanks in advance.

-- 
Yang Zhang
http://www.mit.edu/~y_z/

* Re: Process filtering
From: Julien Vehent @ 2009-09-14 20:00 UTC
To: Yang Zhang; +Cc: netfilter

Hello,

Yang Zhang wrote:
> Hi, is it possible to filter (local origin/destination) packets on
> process or application? My understanding is that iptables doesn't do
> this, but are there any other system facilities in Linux that make
> this possible? Thanks in advance.

The owner module (xt_owner) matches the owner of the socket

# iptables -m owner --help
iptables v1.4.4
[...]
owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists

man iptables for more details ;)
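
Added example, not part of either message in the thread: the owner match keys on the socket's UID/GID rather than on a PID or program name, so one way to get per-application filtering is to run the application under a dedicated account and filter on that account. The account name "fetcher", the port choices and the function names are assumptions made for this sketch; the script only prints the iptables commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: egress policy for one application via the owner match.
# xt_owner matches the UID/GID of the socket, not a PID or program name, so
# the application runs under a dedicated account ("fetcher" is an assumed name).
# The match applies to locally generated packets (OUTPUT/POSTROUTING) only.

# Accept a numeric UID or a conservative account name, nothing a shell could misread.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Accept a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# owner_egress_rules USER PORT...
# Print (not run) iptables commands that let sockets owned by USER reach only
# the listed TCP destination ports; any other packet from USER is rejected.
# All arguments are validated before the first rule is printed, so a bad
# argument never yields a partial ruleset.
owner_egress_rules() {
    [ "$#" -ge 2 ] || { echo "usage: owner_egress_rules USER PORT..." >&2; return 2; }
    user=$1
    shift
    valid_user "$user" || { echo "invalid user: $user" >&2; return 2; }
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    done
    for port in "$@"; do
        printf 'iptables -A OUTPUT -m owner --uid-owner %s -p tcp --dport %s -j ACCEPT\n' "$user" "$port"
    done
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j REJECT\n' "$user"
}

# Constructed sample invocation: HTTPS only for the "fetcher" account.
owner_egress_rules fetcher 443
```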