1 This module attempts to match various characteristics of the packet 2 creator, for locally-generated packets. It is only valid in the 3 .B OUTPUT 4 chain, and even this some packets (such as ICMP ping responses) may 5 have no owner, and hence never match. 6 .TP 7 .BI "--uid-owner " "userid" 8 Matches if the packet was created by a process with the given 9 effective user id. 10 .TP 11 .BI "--gid-owner " "groupid" 12 Matches if the packet was created by a process with the given 13 effective group id. 14 .TP 15 .BI "--pid-owner " "processid" 16 Matches if the packet was created by a process with the given 17 process id. 18 .TP 19 .BI "--sid-owner " "sessionid" 20 Matches if the packet was created by a process in the given session 21 group. 22 .TP 23 .BI "--cmd-owner " "name" 24 Matches if the packet was created by a process with the given command name. 25 (this option is present only if iptables was compiled under a kernel 26 supporting this feature) 27 .TP 28 .B NOTE: pid, sid and command matching are broken on SMP 29
