[fw-wiz] Re: IPTables logging target: show pid/program name?
From: Chris de Vidal (chris_at_devidal.tv)
To: "William Stearns" <firstname.lastname@example.org> Date: Sat, 15 Nov 2003 15:41:03 -0500 (EST)
William Stearns said:
> The "owner" match module could be used to check what
> application/uid created the packet. This can only be used in the OUTPUT
and POSTROUTING chains, but that's perfect for what you need.
Looks like exactly what I need.
I'm sure someone might need to see a previously-unknown application. I
block outbound as well as inbound on my servers and I would like to know
if I have a trojan... without knowing the name, the above wouldn't give me
more information, other than alerting me to be suspicious.
But that's just icing on the cake; the above rules will be very helpful.
Thank you very much!!
firewall-wizards mailing list