Firewall Wizards mailing list archives

Re: IPTables logging target: show pid/program name?


From: "Chris de Vidal" <chris () devidal tv>
Date: Sat, 15 Nov 2003 15:41:03 -0500 (EST)

William Stearns said:
      The "owner" match module could be used to check what
application/uid created the packet.  This can only be used in the OUTPUT
and POSTROUTING chains, but that's perfect for what you need.

Looks like exactly what I need.

I'm sure someone might need to see a previously-unknown application.  I
block outbound as well as inbound on my servers and I would like to know
if I have a trojan... without knowing the name, the above wouldn't give me
more information, other than alerting me to be suspicious.

But that's just icing on the cake; the above rules will be very helpful. 
Thank you very much!!

/dev/idal
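
The following is an added example, not part of the original message or of the rules it refers to: a script that prints (without applying) owner-match LOG rules for the OUTPUT path, one per local account, plus a catch-all that flags new outbound connections from any UID not on the list. The chain name `OUT_OWNER`, the log prefixes and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not apply them.

# Constructed passwd-format sample input (not real accounts from the thread).
sample_accounts() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
# constructed comment line
backup-operator-account-long:x:1001:1001::/home/b:/bin/sh
EOF
}

# Read passwd-format lines on stdin and print rules for a user chain
# (hypothetical name OUT_OWNER) that logs each new outbound connection
# with the name of the account that created the packet.
owner_log_rules() {
    printf 'iptables -N OUT_OWNER\n'
    while IFS=: read -r name _pw uid _rest; do
        case "$name" in ''|'#'*) continue ;; esac      # blank or comment
        case "$uid" in ''|*[!0-9]*) continue ;; esac   # UID must be numeric
        # --log-prefix holds 29 characters: "OUT uid=" (8) + name (<=20) + space.
        short=$(printf '%.20s' "$name")
        printf 'iptables -A OUT_OWNER -m owner --uid-owner %s -j LOG --log-prefix "OUT uid=%s "\n' "$uid" "$short"
        # LOG does not end traversal; RETURN keeps this packet out of the catch-all.
        printf 'iptables -A OUT_OWNER -m owner --uid-owner %s -j RETURN\n' "$uid"
    done
    # Anything left was sent by a UID not in the list (or has no owning socket).
    printf 'iptables -A OUT_OWNER -j LOG --log-prefix "OUT uid=unlisted "\n'
    # The owner match is only valid on locally generated traffic, hence OUTPUT.
    printf 'iptables -A OUTPUT -m state --state NEW -j OUT_OWNER\n'
}

sample_accounts | owner_log_rules
```

Review the printed rules before loading them, and feed the function the real account list (for example the output of `getent passwd`) in place of the constructed sample.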


