The uid information is not contained in the headers, so no, you can't. I've used 
this match on LTSP servers to send students through an anonymous proxy/content 
filter while allowing teachers unfiltered access.

Thanks,

-- 
Cory Oldford
PeaceWorks Computer Consulting
#2 - 396 Assiniboine Ave, Winnipeg
204 480 0314   --or--   519 725 7875, ext 610. 

----- Original Message -----
From: "Cory Oldford" <[email protected]>
To: "Bjoern Meier" <[email protected]>
Sent: Wednesday, October 21, 2009 11:20:14 AM GMT -06:00 US/Canada Central
Subject: Re: Match owner

Exactly the point I was making. No, there is no way to verify this. The 
TCP/UDP/Ethernet headers do not contain that information.

-- 
Cory Oldford
PeaceWorks Computer Consulting
#2 - 396 Assiniboine Ave, Winnipeg
204 480 0314   --or--   519 725 7875, ext 610. 

----- Original Message -----
From: "Bjoern Meier" <[email protected]>
To: [email protected]
Sent: Wednesday, October 21, 2009 11:01:06 AM GMT -06:00 US/Canada Central
Subject: Re: Match owner

hi, 


2009/10/21 Pascal Hambourg < [email protected] > 


[Sent back on the list. Please pay attention to the recipient address.] 

Cory Oldford wrote: 
> Is the traffic originating from a process on the machine with the firewall? 

Of course. The OUTPUT chain sees only packets generated by local 
processes. This is why the "owner" match is valid only in this chain. 

mh ok. Well, the packet IN-if is ppp0 and the OUT-if is eth2. The user is a 
winbind mapped user-id. 
Last and ac can both map the user-id with the username, so my hope was iptables 
could do this, too. 

So routed packets have no local-user owner? 

Greetings, 
Björn 

-- 
To boldly go where no man has gone before ... I'll wait there with 
tourist information 
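
The point made in this thread, as an added example that is not part of any message above: the UID the "owner" match tests is a property of the local socket, not a field in the packet, which the per-socket `uid` column of `/proc/net/tcp` makes visible. The sample table, addresses and UIDs are constructed, and the decoder assumes IPv4 on a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format from a little-endian host.
# UIDs 1001 (a student) and 2001 (a teacher) are assumptions for illustration.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00A8C0:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1001        0 20001
   1: 0A00A8C0:C351 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  2001        0 20002
"""

def parse_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' as printed by the kernel for IPv4 sockets."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def load_socket_owners(proc_text):
    """Map (local_ip, local_port, remote_ip, remote_port) -> owning UID."""
    owners = {}
    for line in proc_text.splitlines()[1:]:      # skip the column header
        cols = line.split()
        if len(cols) < 10:
            continue                             # ignore blank or truncated lines
        owners[parse_endpoint(cols[1]) + parse_endpoint(cols[2])] = int(cols[7])
    return owners

def owner_of(owners, src_ip, src_port, dst_ip, dst_port):
    """Return the UID of the local socket that sends this flow, or None."""
    return owners.get((src_ip, src_port, dst_ip, dst_port))

if __name__ == "__main__":
    table = load_socket_owners(SAMPLE_PROC_NET_TCP)
    # Locally generated flows: a socket exists, so an owner can be looked up.
    print(owner_of(table, "192.168.0.10", 50000, "192.0.2.10", 80))
    print(owner_of(table, "192.168.0.10", 50001, "192.0.2.10", 80))
    # Routed flow (in via ppp0, out via eth2): only the headers reach this host,
    # no local socket exists, so there is nothing to match an owner against.
    print(owner_of(table, "10.8.0.5", 40000, "192.0.2.10", 80))
```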

