[netfilter-cvslog] CVS update: netfilter/userspace/patch-o-matic/base
marc@coruscant.gnumonks.org
Sat, 19 Jan 2002 13:38:06 +0100
Date: Sat Jan 19 10:38:06 2002
Author: marc
Update of /cvsroot/netfilter/userspace/patch-o-matic/base
In directory coruscant.gnumonks.org:/tmp/cvs-serv22308
Added Files:
ownercmd.patch ownercmd.patch.help
Log Message:
This patch adds support for local process name matching
to the owner match (--cmd-owner option).
You can use this feature to filter connections forwarded by
your ssh daemon with rules like:
    iptables -N CheckSSHSyns
    # allow forwarded connections to rsync port on 192.168.1.1
    iptables -A CheckSSHSyns -p tcp -d 192.168.1.1 --dport 873 -j RETURN
    # refuse everything else
    iptables -A CheckSSHSyns -j REJECT --reject-with tcp-reset
    iptables -I OUTPUT -p tcp --syn -m owner --cmd-owner sshd -j CheckSSHSyns
Revisions:
ownercmd.patch NONE => 1.1
http://www.samba.org/cgi-bin/cvsweb/netfilter/userspace/patch-o-matic/base/ownercmd.patch?rev=1.1
ownercmd.patch.help NONE => 1.1
http://www.samba.org/cgi-bin/cvsweb/netfilter/userspace/patch-o-matic/base/ownercmd.patch.help?rev=1.1