Linode Forum :: iptables --cmd-owner

I am running the new 2.6.18-linode25 kernel and I am still having difficulties using the iptables owner match under CentOS 4. This exact syntax works fine on a real CentOS 4 machine with a current CentOS kernel.

It appears that this problem is specifically related to the --cmd-owner part of the owner match. The last two outputs leave the rest of the iptables command the same, but only uses one of the owner match parameters. See below.

[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx -j ACCEPT
[root@ ~]#

Author:	tasaro [ Tue Dec 19, 2006 12:58 pm ]
Post subject:	iptables --cmd-owner
One of our customers is experiencing some problems using iptables in CentOS4. I wanted to put this out to the community to see if anyone could offer some help: (IP masked to protect the innocent) Quote: I am running the new 2.6.18-linode25 kernel and I am still having difficulties using the iptables owner match under CentOS 4. This exact syntax works fine on a real CentOS 4 machine with a current CentOS kernel. It appears that this problem is specifically related to the --cmd-owner part of the owner match. The last two outputs leave the rest of the iptables command the same, but only uses one of the owner match parameters. See below. [root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT iptables: Invalid argument [root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT iptables: Invalid argument [root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --cmd-owner yyy -j ACCEPT iptables: Invalid argument [root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx -j ACCEPT [root@ ~]# So, --cmd-owner is failing, and I haven't been able to figure out what kernel patch (or config option) enables this feature. It looks like the iptables userspace app has support for this feature already. Has anyone successfully used --cmd-owner iptables rules, or can point out some syntax problem? Thanks, --Tom

Author:	tronic [ Wed Jan 10, 2007 3:14 am ]
Post subject:
Do you see something like this? Code: % gzcat /proc/config.gz \| grep -i owner CONFIG_IP_NF_MATCH_OWNER=y CONFIG_IP6_NF_MATCH_OWNER=y

Linode Forum https://forum.linode.com/

iptables --cmd-owner https://forum.linode.com/viewtopic.php?f=19&t=2540	Page 1 of 1

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/