[netfilter-cvslog] CVS update: netfilter/userspace/patch-o-matic/base

marc@coruscant.gnumonks.org
Sat, 19 Jan 2002 13:38:06 +0100

Date:	Sat Jan 19 10:38:06 2002
Author:	marc

Update of /cvsroot/netfilter/userspace/patch-o-matic/base
In directory coruscant.gnumonks.org:/tmp/cvs-serv22308

Added Files:
	ownercmd.patch ownercmd.patch.help 
Log Message:

This patch adds support for local process name matching
to the owner match (--cmd-owner option).

You can use this feature to filter connections forwarded by
your ssh daemon with rules like:

iptables -N CheckSSHSyns
# allow forwarded connections to rsync port on
iptables -A CheckSSHSyns -p tcp -d --dport 873 -j RETURN
# refuse everything else
iptables -A CheckSSHSyns -j REJECT --reject-with tcp-reset

iptables -I OUTPUT -p tcp --syn -m owner --cmd-owner sshd -j CheckSSHSyns

