
Wednesday, October 21, 2009

Re: Match owner

Bjoern Meier wrote:
> 2009/10/21 Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
>
>>> If I set:
>>> -A OUTPUT -d <IP> -m owner --uid-owner <username> -j ACCEPT
>>>
>>> It fails and my logging shows that the rule will be ignored and goes to
>>> the deny rule (last rule).
>> How does it fail? What is the error message?
>>
> Oh sorry, there is no error.
> Iptables seems to accept this rule. I can see it with iptables -S, but it
> seems to be ignored.

Are you sure that the UID is correct? What kind of traffic are you
trying to match?
Keep in mind that --uid-owner matches the effective UID, so packets sent
by special programs with the SUID bit set such as ping, traceroute...
have the UID of the owner of the program (usually root).

> I don't know how I can see the owner. Is there a switch
> on - maybe - tcpdump?

I don't know.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
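The two checks raised in the reply above (is the UID right, and is the sending program setuid), plus a way to see whether the owner rule is actually being hit, as an added shell helper that is not part of the thread. It assumes the counter layout of `iptables -L OUTPUT -v -n -x`; the `SAMPLE_COUNTERS` text is a constructed sample of that output.

```shell
#!/bin/sh
# Added diagnostic helper, not from the thread. Assumes iptables(8) and id(1).

# Resolve a username or numeric UID to a numeric UID (fails if unknown).
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # username: ask the passwd db
        *)           printf '%s\n' "$1" ;;        # already numeric
    esac
}

# Succeeds if the program is setuid. Its packets then carry the file owner's
# UID (usually 0), so --uid-owner <user> will never match them.
is_setuid() {
    [ -u "$1" ]
}

# Print the two rules to insert at the top of OUTPUT: a LOG rule so each hit
# shows up in the kernel log, then the ACCEPT the original rule intended.
owner_rules() {
    printf 'iptables -I OUTPUT 1 -d %s -m owner --uid-owner %s -j LOG --log-prefix "owner-match: "\n' "$1" "$2"
    printf 'iptables -I OUTPUT 2 -d %s -m owner --uid-owner %s -j ACCEPT\n' "$1" "$2"
}

# Read `iptables -L OUTPUT -v -n -x` on stdin and print the packet counter of
# every rule carrying "owner UID match <uid>": a counter stuck at 0 means the
# match never fired, not that the rule was dropped from the chain.
owner_rule_hits() {
    awk -v uid="$1" '
        { for (i = 3; i < NF; i++)
              if ($(i-2) == "owner" && $(i-1) == "UID" && $i == "match" && $(i+1) == uid)
                  print $1 }'
}

# Constructed sample of the counter output (not captured from a real host).
SAMPLE_COUNTERS='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      960 ACCEPT     all  --  *      *       0.0.0.0/0            192.0.2.10           owner UID match 1000
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            192.0.2.10           owner UID match 1001
     340    27000 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Usage: sh owner-check.sh <dest-ip> <user> <program>
if [ "$#" -eq 3 ]; then
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; exit 1; }
    is_setuid "$3" && echo "warning: $3 is setuid; its packets carry UID $(stat -c %u "$3")" >&2
    owner_rules "$1" "$uid"
fi
```

After loading the rules, pipe the live counter output into `owner_rule_hits <uid>` to confirm the match fires; `grep owner-match` in the kernel log shows the same thing per packet.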
