This module attempts to match various characteristics of the packet creator,
for locally generated packets. This match is only valid in the OUTPUT and
POSTROUTING chains. Forwarded packets do not have any socket associated with
them. Packets from kernel threads do have a socket, but usually no owner.
.TP
[\fB!\fP] \fB\-\-uid\-owner\fP \fIusername\fP
.TP
[\fB!\fP] \fB\-\-uid\-owner\fP \fIuserid\fP[\fB\-\fP\fIuserid\fP]
Matches if the packet socket's file structure (if it has one) is owned by the
given user. You may also specify a numerical UID, or a UID range.
.TP
[\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupname\fP
.TP
[\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupid\fP[\fB\-\fP\fIgroupid\fP]
Matches if the packet socket's file structure is owned by the given group.
You may also specify a numerical GID, or a GID range.
.TP
\fB\-\-suppl\-groups\fP
Causes group(s) specified with \fB\-\-gid\-owner\fP to also be checked in the
supplementary groups of a process.
.TP
[\fB!\fP] \fB\-\-socket\-exists\fP
Matches if the packet is associated with a socket.
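.PP
The options above combined into a per-account egress policy, as an added example that is not part of the original manual page or the iptables project. The account name webproxy, the group netadmin, the UID range 1000-60000 and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Prints (does not apply) iptables-restore input for a per-account egress
# policy built on the owner match. Account and group names are constructed.

# owner_rule CHAIN OWNER_OPTS REST: print one rule, or fail if the request
# contradicts the option descriptions above.
owner_rule() {
    chain=$1 opts=$2 rest=$3
    case $chain in
        OUTPUT|POSTROUTING) ;;   # the only chains where owner is valid
        *) echo "owner: not valid in chain $chain" >&2; return 1 ;;
    esac
    case $opts in
        *--gid-owner*) ;;
        *--suppl-groups*)        # only modifies a --gid-owner match
            echo "owner: --suppl-groups needs --gid-owner" >&2; return 1 ;;
    esac
    printf '%s\n' "-A $chain -m owner $opts $rest"
}

# uid_range_ok RANGE: accept "N" or "N-M" with N <= M, digits only.
uid_range_ok() {
    case $1 in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    lo=${1%-*} hi=${1#*-}
    [ "$lo" -le "$hi" ]
}

# egress_policy PROXY_USER ADMIN_GROUP UID_RANGE
egress_policy() {
    uid_range_ok "$3" || { echo "bad UID range: $3" >&2; return 1; }
    echo '*filter'
    echo ':OUTPUT ACCEPT [0:0]'
    # 1. The proxy account may open outbound HTTPS connections.
    owner_rule OUTPUT "--uid-owner $1" '-p tcp --dport 443 -j ACCEPT' &&
    # 2. So may the admin group, including supplementary members.
    owner_rule OUTPUT "--gid-owner $2 --suppl-groups" '-p tcp --dport 443 -j ACCEPT' &&
    # 3. Direct HTTPS from any other account in the UID range is refused.
    owner_rule OUTPUT "--uid-owner $3" '-p tcp --dport 443 -j REJECT' &&
    # 4. Socketless packets cannot match rules 1-3; log them instead.
    owner_rule OUTPUT '! --socket-exists' '-j LOG --log-prefix "no-socket: "' &&
    echo COMMIT
}

egress_policy webproxy netadmin 1000-60000
```

Rule order matters: if the proxy account's UID falls inside the rejected range, it is still accepted because rule 1 is evaluated first. The output can be piped to iptables-restore --test to have it parsed without being committed, which requires the named user and group to exist on the host.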