On 09.09.2013 14:58, ken wrote:
> On 09/09/2013 05:54 AM Lars Noodén wrote:
>> On 9/9/13 3:14 PM, atar wrote:
>>> Thanks for replying!
>>>
>>> Unfortunately, when invoking the 'iptables' command with the arguments
>>> you've suggested, the program says:
>>>
>>>> iptables v1.4.14: unknown option "--cmd-owner"
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>
>>> Regards!
>>>
>>> atar.
>>>
>>>
>> My mistake. It seems that the tutorial is way out of date.
>>
>> $ iptables -m owner --help
>> ...
>> owner match options:
>> [!] --uid-owner userid[-userid]      Match local UID
>> [!] --gid-owner groupid[-groupid]    Match local GID
>> [!] --socket-exists                  Match if socket exists
>>
>> So it looks like cmd-owner is no longer used. Apparmor or SELinux
>> mentioned by Claudius are the next things to try, though they are more
>> complex.
>
> Hmmm. I get this:
>
> # iptables -V
> iptables v1.3.5
> # iptables -m owner --help
> ...
> OWNER match v1.3.5 options:
> [!] --uid-owner userid      Match local uid
> [!] --gid-owner groupid     Match local gid
> [!] --pid-owner processid   Match local pid
> [!] --sid-owner sessionid   Match local sid
> [!] --cmd-owner name        Match local command name
> NOTE: pid, sid and command matching are broken on SMP
>

FWIW mine is also iptables 1.4.14,

$ lsb_release -rd
Description: Debian GNU/Linux 7.0 (wheezy)
Release: 7.0

$ iptables -V
iptables v1.4.14

So somewhere between the 1.3.5 and 1.4.14, the capability disappeared

Regards,
/Lars
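
As an added example (not part of the original thread): a POSIX shell check that parses the text of `iptables -m owner --help` to tell whether a build still offers `--cmd-owner` before a ruleset relies on it. The two help listings quoted above are embedded as constructed samples; the function names are this example's own.

```shell
#!/bin/sh
# Constructed samples, copied from the two help listings quoted in the thread.
HELP_1_3_5='OWNER match v1.3.5 options:
[!] --uid-owner userid     Match local uid
[!] --gid-owner groupid    Match local gid
[!] --pid-owner processid  Match local pid
[!] --sid-owner sessionid  Match local sid
[!] --cmd-owner name       Match local command name
NOTE: pid, sid and command matching are broken on SMP'

HELP_1_4_14='owner match options:
[!] --uid-owner userid[-userid]    Match local UID
[!] --gid-owner groupid[-groupid]  Match local GID
[!] --socket-exists                Match if socket exists'

# owner_has_option HELP_TEXT OPTION: exit 0 if OPTION is listed as an option line.
# Anchored so that "--uid-owner" does not match a longer option name.
owner_has_option() {
    printf '%s\n' "$1" |
        grep -Eq -- "^[[:space:]]*(\[!\][[:space:]]+)?$2([[:space:]]|\$)"
}

# owner_smp_warning HELP_TEXT: exit 0 if the build carries the SMP caveat.
owner_smp_warning() {
    printf '%s\n' "$1" | grep -q 'broken on SMP'
}

# classify_owner_match HELP_TEXT prints one of:
#   cmd-unreliable  --cmd-owner listed, but flagged as broken on SMP
#   cmd             --cmd-owner listed, no caveat in the help text
#   uid-only        no --cmd-owner; uid/gid matching is what remains
#   none            no owner match options found
classify_owner_match() {
    if owner_has_option "$1" --cmd-owner; then
        if owner_smp_warning "$1"; then echo cmd-unreliable; else echo cmd; fi
    elif owner_has_option "$1" --uid-owner; then
        echo uid-only
    else
        echo none
    fi
}

# On a live system, feed it the real help text:
#   classify_owner_match "$(iptables -m owner --help 2>&1)"
echo "1.3.5:  $(classify_owner_match "$HELP_1_3_5")"
echo "1.4.14: $(classify_owner_match "$HELP_1_4_14")"
```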