Page 2 of 2
Results 11 to 13 of 13

Thread: iptables and --pid-owner option missing

  1. #11
    Join Date
    May 2009

    Re: iptables and --pid-owner option missing

    Quote Originally Posted by BkkBonanza
    Besides, we have already indicated how you can do what you want.
    Here it is spelled out,

    #create special user with no home or login ability
    adduser --shell /bin/false --no-create-home myappuser

    # run your app as that user
    sudo -u myappuser myapp

    # add rules to only allow that user to connect out
    sudo iptables -A OUTPUT -m owner --uid-owner myappuser -j ACCEPT
    sudo iptables -P OUTPUT DROP
    Thanks BkkBonanza, this is what I'm looking for!
    First, I hadn't considered using sudo -u to launch the application!

    Now I can forget the --pid-owner option!

    Thanks everybody for the help!
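    The quoted recipe as a script, added here as an example and not code from the thread: it keeps the same --uid-owner rule but also allows loopback and already-established flows (otherwise the DROP policy cuts off local services and replies to your own SSH session) and logs dropped packets so the restriction can be verified. Assumes iptables with the owner, conntrack and limit matches; the script name and DRY_RUN variable are made up for this example.

```shell
#!/bin/sh
# restrict-outbound.sh: allow new outbound connections only for one
# unprivileged service account. Added example, not BkkBonanza's code.
# Assumes iptables with the owner/conntrack/limit matches.
# DRY_RUN=1 prints the iptables commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        sudo iptables "$@"
    fi
}

restrict_outbound_to_user() {
    user=$1
    # Loopback must stay open or local services (and many apps) break.
    run -A OUTPUT -o lo -j ACCEPT
    # Replies on already-accepted connections, e.g. your SSH session.
    run -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the service account may open new outbound connections.
    # If a local stub resolver runs as its own user, give it a rule too.
    run -A OUTPUT -m owner --uid-owner "$user" -j ACCEPT
    # Log (rate limited) what is about to be dropped, for verification.
    run -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
    # Everything not matched above is dropped.
    run -P OUTPUT DROP
}

# Usage: sh restrict-outbound.sh myappuser   (DRY_RUN=1 to preview)
if [ -n "${1:-}" ]; then
    restrict_outbound_to_user "$1"
fi
```

    Check the result with `sudo iptables -S OUTPUT`: the uid-owner ACCEPT must appear before the LOG rule, and the policy line must read `-P OUTPUT DROP`.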

  2. #12
    Join Date
    Feb 2005
    Boulder CO

    Re: iptables and --pid-owner option missing

    Another reason people want pid and/or uid information is to allow more detailed logging of connections. See e.g.

  3. #13
    Join Date
    Sep 2007
    Miami, FL

    Re: iptables and --pid-owner option missing

    no longer participating in
    Last edited by MarkieB; April 16th, 2012 at 01:02 AM.
