Blame extensions/libxt_owner.man
|
Packit Service |
d1fe03 |
This module attempts to match various characteristics of the packet creator,
|
|
Packit Service |
d1fe03 |
for locally generated packets. This match is only valid in the OUTPUT and
|
|
Packit Service |
d1fe03 |
POSTROUTING chains. Forwarded packets do not have any socket associated with
|
|
Packit Service |
d1fe03 |
them. Packets from kernel threads do have a socket, but usually no owner.
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
[\fB!\fP] \fB\-\-uid\-owner\fP \fIusername\fP
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
[\fB!\fP] \fB\-\-uid\-owner\fP \fIuserid\fP[\fB\-\fP\fIuserid\fP]
|
|
Packit Service |
d1fe03 |
Matches if the packet socket's file structure (if it has one) is owned by the
|
|
Packit Service |
d1fe03 |
given user. You may also specify a numerical UID, or an UID range.
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
[\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupname\fP
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
[\fB!\fP] \fB\-\-gid\-owner\fP \fIgroupid\fP[\fB\-\fP\fIgroupid\fP]
|
|
Packit Service |
d1fe03 |
Matches if the packet socket's file structure is owned by the given group.
|
|
Packit Service |
d1fe03 |
You may also specify a numerical GID, or a GID range.
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
\fB\-\-suppl\-groups\fP
|
|
Packit Service |
d1fe03 |
Causes group(s) specified with \fB\-\-gid-owner\fP to be also checked in the
|
|
Packit Service |
d1fe03 |
supplementary groups of a process.
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
[\fB!\fP] \fB\-\-socket\-exists\fP
|
|
Packit Service |
d1fe03 |
Matches if the packet is associated with a socket.
|