Hi,

I'm currently using the ipt_owner module to enforce stronger outgoing packet filtering on certain daemons. I create a custom chain with the stronger rules and use '-m owner' to jump packets into the chain.

This works fine for UDP and TCP, but my outgoing ICMP packets never match the rule. I understand why incoming ICMP should fail to match, but why are outgoing packets missing the filter?
Chain OUTPUT (policy ACCEPT)
target         prot opt source     destination
acctboth       all  --  anywhere   anywhere
ACCEPT         all  --  anywhere   anywhere
apache-output  all  --  anywhere   anywhere     OWNER UID match iptest

Chain apache-output (1 references)
target         prot opt source     destination
DROP           icmp --  anywhere   anywhere
(nothing in the acctboth chain causes a jump)
Any ideas?
--
Jay L.T. Cornwall, http://www.esuna.co.uk/~jay/
PhD Student
Imperial College London