Firewall Wizards
mailing list archives
Re: IPTables logging target: show pid/program name?
From: "Chris de Vidal" <chris () devidal tv>
Date: Sat, 15 Nov 2003 15:41:03 -0500 (EST)
William Stearns said:
> The "owner" match module could be used to check what
> application/uid created the packet. This can only be used in the OUTPUT
> and POSTROUTING chains, but that's perfect for what you need.

Looks like exactly what I need.
I'm sure someone might need to see a previously-unknown application. I
block outbound as well as inbound on my servers and I would like to know
if I have a trojan... without knowing the name, the above wouldn't give me
more information, other than alerting me to be suspicious.
But that's just icing on the cake; the above rules will be very helpful.
Thank you very much!!
/dev/idal
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
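
The owner match discussed in this message, as an added example that is not part of the original post or the rules it refers to: a script that prints iptables commands logging each new outbound connection with the owning account in the log prefix, plus a catch-all for traffic with no listed owner. The chain name OUTLOG, the prefix format and the sample passwd lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands; it does not modify the firewall.
# owner_log_rules reads passwd-format lines on stdin and prints rules that
# LOG each new outbound connection with the owning account in the prefix.
owner_log_rules() {
    echo 'iptables -N OUTLOG'   # OUTLOG is a hypothetical chain name
    while IFS=: read -r name pw uid rest; do
        # Accept only plain account names and numeric uids, since the
        # output is meant to be run as shell commands.
        case "$name" in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        # --log-prefix holds at most 29 characters: keep 8 of the name.
        prefix=$(printf 'out %.8s/%s ' "$name" "$uid")
        echo "iptables -A OUTLOG -m owner --uid-owner $uid -j LOG --log-prefix \"$prefix\""
        # LOG is non-terminating; RETURN keeps the catch-all from firing too.
        echo "iptables -A OUTLOG -m owner --uid-owner $uid -j RETURN"
    done
    # Anything left has no listed owner (unlisted uid or no local socket).
    echo 'iptables -A OUTLOG -j LOG --log-prefix "out UNKNOWN-OWNER "'
    # The owner match is only valid in OUTPUT and POSTROUTING.
    echo 'iptables -A OUTPUT -m state --state NEW -j OUTLOG'
}

# Constructed sample input in /etc/passwd format (two valid, three rejected).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
# comment line
www-data:x:33:33::/var/www:/usr/sbin/nologin
bad name:x:12:12::/:/bin/sh
broken:x:notanumber:1::/:/bin/sh
EOF
}

sample_passwd | owner_log_rules
```

On a real host, feed it `getent passwd` and review the printed rules before running them as root.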