[PATCH] sgml documentation for owner match
bert hubert
ahu@ds9a.nl
Wed, 22 Mar 2000 17:33:23 +0100
Migrated some documentation from iptables.8 to packet-filtering-HOWTO
diff -u sgml.orig/packet-filtering-HOWTO.sgml sgml/packet-filtering-HOWTO.sgml
--- sgml.orig/packet-filtering-HOWTO.sgml Wed Mar 22 17:32:11 2000
+++ sgml/packet-filtering-HOWTO.sgml Wed Mar 22 17:40:49 2000
@@ -673,7 +673,7 @@
<sect3>Other Match Extensions
<p>
-The other two extensions in the netfilter package are demonstration
+The other extensions in the netfilter package are demonstration
extensions, which (if installed) can be invoked with the `-m' option.
<descrip>
@@ -723,6 +723,27 @@
<p>You cannot currently create a rule with a recharge time greater
than about 59 hours, so if you set an average rate of one per day,
then your burst rate must be less than 3.
+
+<tag>owner</tag>
+This module attempts to match various characteristics of the packet
+creator, for locally-generated packets. It is only valid in the
+OUTPUT chain, and even then some packets (such as ICMP ping responses)
+may have no owner, and hence never match.
+
+<descrip>
+ <tag>--uid-owner userid</tag>
+Matches if the packet was created by a process with the given
+effective (numerical) user id.
+ <tag>--uid-owner groupid</tag>
+Matches if the packet was created by a process with the given
+effective (numerical) group id.
+ <tag>--pid-owner processid</tag>
+Matches if the packet was created by a process with the given
+process id.
+ <tag>--sid-owner processid</tag>
+Matches if the packet was created by a process in the given session
+group.
+</descrip>
<tag>unclean</tag> This experimental module must be explicitly
specified with `-m unclean or `--match unclean'. It does various
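Review bot: The second option tag in the added owner section repeats `--uid-owner`, but its description is about the effective group id, so the tag should read `<tag>--gid-owner groupid</tag>`. As written, the HOWTO documents two different meanings for the same option and never names the group option at all. Also, the `--sid-owner` tag keeps the argument name `processid` from the entry above it while the text describes a session group; a name such as `sessionid` would match the description.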
--
| http://www.rent-a-nerd.nl
|
| - U N I X -
| Inspice et cautus eris - D11T'95