Saturday, July 14, 2012

Re: Logging output UIDs.

Hello,

Sthu Deus wrote:
>
> I try to get UIDs of the processes that generate OUTPUT traffic:
>
> /sbin/iptables -A OUTPUT -j LOG --log-uid --log-prefix OUTPT->
> --log-level 2
>
> But I do not get the UIDs:
>
> OUTPT->IN= OUT=br0 SRC=XXXX DST=ZZZZ LEN=52 TOS=0x00
> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=842
> RES=0x00 ACK URGP=0

Is the UID missing for all packets or only for this one?
According to a quick test, it seems that the last ACK in a TCP
connection does not have a UID (probably because the socket is closed).
Packets generated by the kernel itself (TCP RST, ICMP messages...) do not
have a UID.

> Also, may You know the answer to my curiosity, why I can not locate '-j
> LOG' in above iptables rule at the end of the rule? - For iptables
> complains about unknown '--log-uid'. - I understand that something is
> then missing before the suffix, but from iptables man. it is not evident
> to me what.

--log-* are options to the LOG target, so iptables does not expect them
before.


Archive: http://lists.debian.org/5001272F.2040203@plouf.fr.eu.org
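Added example, not part of the original message or of iptables: a small parser that tallies `--log-uid` output per UID and groups the lines logged without a UID by protocol and TCP flags, so the cases mentioned in the reply (final ACK, RST, ICMP) can be checked against a real log. The sample lines, addresses and syslog preamble are constructed; the `OUTPT->` prefix is the one from the quoted rule.

```python
from collections import Counter

# Constructed sample lines (documentation addresses), shaped like the line in the post.
SAMPLE_LOG = """\
Jul 14 10:00:01 fw kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1000
Jul 14 10:00:09 fw kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=842 RES=0x00 ACK URGP=0
Jul 14 10:00:12 fw kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=51514 WINDOW=0 RES=0x00 RST URGP=0
Jul 14 10:00:15 fw kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5120 PROTO=ICMP TYPE=0 CODE=0 ID=7 SEQ=1
Jul 14 10:00:20 fw kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=811 DF PROTO=UDP SPT=40000 DPT=53 LEN=51 UID=0
"""
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def parse_line(line, prefix="OUTPT->"):
    """Return (fields, tcp_flags) for a LOG line carrying `prefix`, else None."""
    start = line.find(prefix + "IN=")
    if start < 0:
        return None
    fields, flags = {}, set()
    for tok in line[start + len(prefix):].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value  # repeated keys (LEN, ID): last one wins
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return fields, flags

def summarize(text, prefix="OUTPT->"):
    """Count packets per UID; group packets logged without a UID by shape."""
    by_uid, no_uid = Counter(), Counter()
    for line in text.splitlines():
        parsed = parse_line(line, prefix)
        if parsed is None:
            continue
        fields, flags = parsed
        if "UID" in fields:
            by_uid[fields["UID"]] += 1
        else:
            shape = fields.get("PROTO", "?")
            if flags:
                shape += "/" + "+".join(sorted(flags))
            no_uid[shape] += 1
    return by_uid, no_uid

if __name__ == "__main__":
    by_uid, no_uid = summarize(SAMPLE_LOG)
    print("packets per UID:", dict(by_uid))
    print("logged without UID:", dict(no_uid))
```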
