On 09.09.2013 14:58, ken wrote:
> On 09/09/2013 05:54 AM Lars Noodén wrote:
>> On 9/9/13 3:14 PM, atar wrote:
>>> Thanks for replying!
>>>
>>> Unfortunately, when invoking the 'iptables' command with the arguments
>>> you've suggested, the program says:
>>>
>>>> iptables v1.4.14: unknown option "--cmd-owner"
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>
>>> Regards!
>>>
>>> atar.
>>>
>>>
>> My mistake. It seems that the tutorial is way out of date.
>>
>> $ iptables -m owner --help
>> ...
>> owner match options:
>> [!] --uid-owner userid[-userid]      Match local UID
>> [!] --gid-owner groupid[-groupid]    Match local GID
>> [!] --socket-exists                  Match if socket exists
>>
>> So it looks like cmd-owner is no longer used. Apparmor or SELinux
>> mentioned by Claudius are the next things to try, though they are more
>> complex.
>
> Hmmm. I get this:
>
> # iptables -V
> iptables v1.3.5
> # iptables -m owner --help
> ...
> OWNER match v1.3.5 options:
> [!] --uid-owner userid       Match local uid
> [!] --gid-owner groupid      Match local gid
> [!] --pid-owner processid    Match local pid
> [!] --sid-owner sessionid    Match local sid
> [!] --cmd-owner name         Match local command name
> NOTE: pid, sid and command matching are broken on SMP

One possible explanation might be SMP:

$ uname -a
Linux debian 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2+deb7u2 i686 GNU/Linux

Regards,
/Lars
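
An added example, not part of the original thread: a pre-flight check that compares the owner-match options a rule uses against what `iptables -m owner --help` lists, run here over the two help outputs quoted above. The rule strings and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Help texts are the two outputs quoted in the thread;
# rule strings and function names are constructed for illustration.
HELP_1_4_14='owner match options:
[!] --uid-owner userid[-userid] Match local UID
[!] --gid-owner groupid[-groupid] Match local GID
[!] --socket-exists Match if socket exists'
HELP_1_3_5='OWNER match v1.3.5 options:
[!] --uid-owner userid Match local uid
[!] --gid-owner groupid Match local gid
[!] --pid-owner processid Match local pid
[!] --sid-owner sessionid Match local sid
[!] --cmd-owner name Match local command name
NOTE: pid, sid and command matching are broken on SMP'
RULE_CMD='-A OUTPUT -m owner --cmd-owner exampleprog -j REJECT'  # constructed
RULE_UID='-A OUTPUT -m owner --uid-owner 1001 -j REJECT'         # constructed

# Print the long options an owner-match help text lists, one per line.
owner_options() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^--[a-z]/) { print $i; break } }'
}

# Print every owner-match option in the rule that the help text does not list.
unsupported_in_rule() {
    supported=$(owner_options "$1")
    for word in $2; do
        case $word in
            --*-owner|--socket-exists)
                printf '%s\n' "$supported" | grep -qxF -e "$word" ||
                    printf '%s\n' "$word" ;;
        esac
    done
}

# Succeed when the help text carries the "broken on SMP" note and the rule
# uses one of the matches that note names (pid, sid, command).
smp_note_applies() {
    printf '%s\n' "$1" | grep -q 'broken on SMP' || return 1
    for word in $2; do
        case $word in --pid-owner|--sid-owner|--cmd-owner) return 0 ;; esac
    done
    return 1
}

echo "1.4.14 rejects: $(unsupported_in_rule "$HELP_1_4_14" "$RULE_CMD")"
smp_note_applies "$HELP_1_3_5" "$RULE_CMD" && echo "1.3.5: accepted, but unreliable on SMP"
```

On a live system, pass `"$(iptables -m owner --help)"` as the first argument instead of the embedded help text.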