View Full Version : Iptables: allow a program
Hulkamania
17-04-2008, 19:34
Hi, does anyone happen to know how to tell Iptables to allow any connection from a certain program?
You could use the 'owner' match extension, in particular "--cmd-owner"; from the man page:
owner
    This module attempts to match various characteristics of the packet
    creator, for locally-generated packets. It is only valid in the OUTPUT
    chain, and even this some packets (such as ICMP ping responses) may
    have no owner, and hence never match.

    --uid-owner userid
        Matches if the packet was created by a process with the given
        effective user id.

    --gid-owner groupid
        Matches if the packet was created by a process with the given
        effective group id.

    --pid-owner processid
        Matches if the packet was created by a process with the given
        process id.
        (Please note: This option requires kernel support that might not
        be available in official Linux kernel sources or Debian’s packaged
        Linux kernel sources. And if support for this option is available
        for the specific Linux kernel source version, that support might
        not be enabled in the current Linux kernel binary.)

    --sid-owner sessionid
        Matches if the packet was created by a process in the given
        session group.
        (Please note: This option requires kernel support that might not
        be available in official Linux kernel sources or Debian’s packaged
        Linux kernel sources. And if support for this option is available
        for the specific Linux kernel source version, that support might
        not be enabled in the current Linux kernel binary.)

    --cmd-owner name
        Matches if the packet was created by a process with the given
        command name.
        (Please note: This option requires kernel support that might not
        be available in official Linux kernel sources or Debian’s packaged
        Linux kernel sources. And if support for this option is available
        for the specific Linux kernel source version, that support might
        not be enabled in the current Linux kernel binary.)
Otherwise, find out which ports this program uses and open them. Remember that iptables is a network-level firewall, not an application-level one.
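The owner match suggested above, as an added example that is not part of the original posts: since the quoted man page warns that --cmd-owner may lack kernel support, it assumes the program runs under its own dedicated account and matches on --uid-owner instead. The function name owner_rules, the account name in the usage comment and the rule layout are assumptions; the function only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that allow
# new outbound connections only from one dedicated account.
# Assumption: the program to be allowed runs as that account.

owner_rules() {
    user=$1
    # Accept only plain account names so nothing unexpected reaches the
    # generated rule text or is parsed by `id` as an option.
    case $user in
        ''|-*|*[!A-Za-z0-9_-]*) echo "invalid account name" >&2; return 2 ;;
    esac
    # Resolve to a numeric uid; this fails if the account does not exist.
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "no such account: $user" >&2
        return 1
    }

    # The owner match is only valid in OUTPUT (see the man page text), so
    # return traffic is admitted by connection state on INPUT instead.
    # Note: if name resolution goes through a local resolver daemon running
    # as another account, that account needs its own --uid-owner rule.
    cat <<EOF
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $uid -m conntrack --ctstate NEW -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix "egress-denied: "
iptables -A OUTPUT -j REJECT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Usage, as root, with a hypothetical account named "myapp":
#   owner_rules myapp | sh
```

Review the printed rules before piping them to a shell, since the final REJECT applies to every other local account.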
Hulkamania
18-04-2008, 15:26
OK thanks, I'll try it when I have time.