
#1 2015-04-21 11:01:12

solar
Member
Registered: 2011-03-01
Posts: 77

iptables -m option(s) missing [SOLVED]

Hi there, I'm trying to block an outgoing connection by command name, but the following happens:

$ sudo iptables -A OUTPUT -m owner --cmd-owner myapp -j DROP
iptables v1.4.21: unknown option "--cmd-owner"

$ ls -l /usr/lib/modules/`uname -r`/kernel/net/netfilter | grep owner
-rw-r--r-- 1 root root  1411 Apr  8 14:11 xt_owner.ko.gz

So hmm, does that mean that in our current vanilla kernel (3.19.3-3, is it?) we have some net options not set?

i.e. would I need to compile the kernel for this? Hmm. Or is it just a command which has disappeared into oblivion over the years?

edit: yes, the module is also loaded.

PPS. OK, it does indeed seem to be an ancient command, that particular option.

So the question is rather: does iptables have an equivalent matching pattern against a command name?

I use/am learning nft more on some other systems, but the one in mind uses iptables.

Well, I'm not sure if there is a command-specific solution in the venerable iptables, but I solved it by using a group and being done with it.

Last edited by solar (2015-04-21 11:29:41)


I am hilariously insane. yup. you won't notice though.. I promise...I think.


#2 2015-04-21 11:23:02

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: iptables -m option(s) missing [SOLVED]

Can use:

--uid-owner
--gid-owner

You can use the "sg" command to run a command as a particular group.

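The workaround brebs describes, written out as an added example (this is not code from the thread or from the iptables project). Background that the thread only hints at: --cmd-owner, --pid-owner and --sid-owner were dropped when the owner match was rewritten as xt_owner in kernel 2.6.24, so what is left is matching on the credentials of the process that owns the socket (--uid-owner, --gid-owner, --socket-exists). That is also the better boundary: a command name is whatever the process chooses to call itself, whereas uid/gid are kernel-enforced. The script below builds the OUTPUT rules for a dedicated group, applies them idempotently, and launches a program inside that group with sg. The group name "nonet" and the program name "myapp" are assumptions; the thread names neither.

```shell
#!/bin/sh
# Added example (not from the thread): block all outbound traffic from any
# process whose effective group is a dedicated "no network" group, then launch
# the application inside that group with sg. The group name "nonet" and the
# application name "myapp" are assumptions, not something the thread specifies.
set -eu

NONET_GROUP="${NONET_GROUP:-nonet}"

# Resolve a group name to its numeric gid from /etc/group. The owner match
# accepts names too, but a numeric id keeps the rule independent of NSS.
resolve_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1 } END { exit !found }' /etc/group
}

# Print the iptables commands that implement the block. Each rule is guarded
# with -C (available since iptables 1.4.11) so re-running the script does not
# append duplicates. The owner match is only valid in the OUTPUT and
# POSTROUTING chains: it needs the local socket that produced the packet, so
# forwarded traffic and kernel-generated packets (ICMP errors, RSTs) never
# match an owner rule. Loopback is allowed first so local IPC keeps working;
# drop that line if a local proxy could relay traffic out.
build_rules() {
    gid="$1"
    base="-m owner --gid-owner $gid"
    printf '%s\n' \
        "iptables -C OUTPUT -o lo $base -j ACCEPT 2>/dev/null || iptables -A OUTPUT -o lo $base -j ACCEPT" \
        "iptables -C OUTPUT $base -j DROP 2>/dev/null || iptables -A OUTPUT $base -j DROP"
}

# Apply the rules on the local host (needs root and the xt_owner module).
apply_rules() {
    # Sanity check that this iptables build knows the owner match at all.
    iptables -m owner --help 2>/dev/null | grep -q -- '--gid-owner' ||
        { echo "iptables owner match not available" >&2; return 1; }
    build_rules "$(resolve_gid "$NONET_GROUP")" | sh -e
}

# Launch a command with NONET_GROUP as its effective group, as brebs suggests.
# xt_owner compares the effective gid of the socket's creator, so merely being
# a supplementary member of the group is not enough; sg is what makes the
# DROP rule match.
run_without_network() {
    sg "$NONET_GROUP" -c "$*"
}

# Usage (only runs when invoked with an argument, so sourcing is harmless):
#   groupadd --system nonet          # one-time setup
#   sudo ./nonet.sh apply
#   sudo ./nonet.sh run myapp --flag
if [ "${1:-}" = "apply" ]; then
    apply_rules
elif [ "${1:-}" = "run" ]; then
    shift
    run_without_network "$@"
fi
```

To confirm the rule is actually firing, run something inside the group and watch the counters: `sg nonet -c 'curl -m 5 https://example.org'` should hang or fail, and `sudo iptables -L OUTPUT -v -n` should show the DROP rule's packet counter climbing. Two caveats a practitioner should keep in mind: a process running as root can call setgid and leave the group, so this only constrains unprivileged programs; and a program that is a member of the group only through its supplementary groups will not match unless you use the `--suppl-groups` option that newer iptables versions added to the owner match, which is why launching via sg (effective gid) is the portable choice.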

#3 2015-04-21 11:30:25

solar
Member
Registered: 2011-03-01
Posts: 77

Re: iptables -m option(s) missing [SOLVED]

hi brebs.. yes, I did that as a means to an end: blocked a group, and can add/script things as needed via that group. Good enough.



