Dear all,

I am learning to set up a firewall using iptables. My system is Ubuntu 11.10 linux x64 (linux kernel 3.3-rc5).

My goal is:

1. Allow the authorized user to access the internet only.
2. Isolate network daemons from the loopback device and the LAN, but allow them to access the internet.

To achieve this, my firewall is built with the following logic:

1. Default policy drop.
2. For the input chain, listen on a few ports only.
3. For the output chain, log all dropped packets for debugging.

I spotted that a few packets are dropped on the output chain: ICMP, IGMP (Proto type=2) and TCP packets. They do not have an owner id. Now I want to silence them by adding an accept rule, but I have the following questions about the ownership of packets. According to the documentation of iptables: "Packets from kernel threads do have a socket, but usually no owner."

1. Is it possible that a misbehaved program sends "no owner" packets (e.g. ICMP/IGMP)? (Assume that the program has no root privilege and cannot access a setuid executable.)
2. Can I assume that "no owner" packets always come from the kernel or a program with root privilege?
3. Why can the TCP packets in my log be "no owner"?
4. How do I write a rule to "accept" all "no-owner" outbound packets?

Thanks a lot,
Ching