Firewall Wizards mailing list archives
Re: IPTables logging target: show pid/program name?
From: "Chris de Vidal" <chris () devidal tv>
Date: Sat, 15 Nov 2003 15:41:03 -0500 (EST)
William Stearns said:
> The "owner" match module could be used to check what application/uid
> created the packet. This can only be used in the OUTPUT and POSTROUTING
> chains, but that's perfect for what you need.

Looks like exactly what I need. I'm sure someone might need to see a previously-unknown application. I block outbound as well as inbound on my servers and I would like to know if I have a trojan... without knowing the name, the above wouldn't give me more information, other than alerting me to be suspicious. But that's just icing on the cake; the above rules will be very helpful. Thank you very much!!

/dev/idal
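An added example, not part of the thread: one way to combine the owner match in OUTPUT with logging of whatever falls through, so that traffic from an unlisted account is recorded with its owning UID (the UID, not the program name). It assumes an iptables build whose LOG target supports `--log-uid`; the function names, the `OUT-DENY` prefix and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# build_output_rules ACCOUNT...
# Prints an iptables-restore fragment; nothing is loaded by this script.
# Listed accounts may open new outbound connections. Anything else is
# logged with the socket owner's UID (--log-uid) and then dropped.
build_output_rules() {
    allow=''
    for acct in "$@"; do
        # Resolve every name first so a typo yields no ruleset at all.
        uid=$(id -u "$acct" 2>/dev/null) || {
            echo "unknown account: $acct" >&2; return 1; }
        allow="${allow}-A OUTPUT -m owner --uid-owner ${uid} -j ACCEPT
"
    done
    cat <<EOF
*filter
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${allow}-A OUTPUT -j LOG --log-prefix "OUT-DENY " --log-uid
-A OUTPUT -j DROP
COMMIT
EOF
}

# denied_uids: read kernel log lines on stdin and print "count uid" for
# every UID seen on an OUT-DENY line, most frequent first. Packets with
# no local socket (kernel-generated) carry no UID= field and are skipped.
denied_uids() {
    sed -n 's/.*OUT-DENY .* UID=\([0-9][0-9]*\) .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample log lines (documentation addresses, made-up UIDs).
SAMPLE_LOG='Nov 15 15:40:01 host kernel: OUT-DENY IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40122 DPT=6667 SYN URGP=0 UID=1003 GID=1003 
Nov 15 15:40:04 host kernel: OUT-DENY IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40122 DPT=6667 SYN URGP=0 UID=1003 GID=1003 
Nov 15 15:41:10 host kernel: OUT-DENY IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40130 DPT=25 SYN URGP=0 UID=33 GID=33 
Nov 15 15:41:12 host kernel: OUT-DENY IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=84 TTL=64 PROTO=ICMP TYPE=3 CODE=3 '

# Usage (as root): build_output_rules root named | iptables-restore --noflush
# Review:          dmesg | denied_uids
```

A UID from the report can then be tied to a process with the usual tools (for example `ps -u <uid>`), which narrows down an unexpected sender even when its name is not known in advance.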