X-Git-Url: http://git.onelab.eu/?p=iptables.git;a=blobdiff_plain;f=trunk%2Fextensions%2Flibxt_owner.man;fp=trunk%2Fextensions%2Flibxt_owner.man;h=0bc0c65438d8bde0df7d4a3d692ab4748130f91a;hp=0000000000000000000000000000000000000000;hb=65d1e3fdac47d3d758f6f018457c28d6f3f6306a;hpb=98c90cbcc6f660e13f9e7878bbb80dfc9d03ceae

diff --git a/trunk/extensions/libxt_owner.man b/trunk/extensions/libxt_owner.man
new file mode 100644
index 0000000..0bc0c65
--- /dev/null
+++ b/trunk/extensions/libxt_owner.man
@@ -0,0 +1,19 @@
+This module attempts to match various characteristics of the packet creator,
+for locally generated packets. This match is only valid in the OUTPUT and
+POSTROUTING chains. Forwarded packets do not have any socket associated with
+them. Packets from kernel threads do have a socket, but usually no owner.
+.TP
+[\fB!\fP] \fB--uid-owner\fP \fIusername\fP
+.TP
+[\fB!\fP] \fB--uid-owner\fP \fIuserid\fP[\fB-\fP\fIuserid\fP]
+Matches if the packet socket's file structure (if it has one) is owned by the
+given user. You may also specify a numerical UID, or an UID range.
+.TP
+[\fB!\fP] \fB--gid-owner\fP \fIgroupname\fP
+.TP
+[\fB!\fP] \fB--gid-owner\fP \fIgroupid\fP[\fB-\fR\fIgroupid\fP]
+Matches if the packet socket's file structure is owned by the given group.
+You may also specify a numerical GID, or a GID range.
+.TP
+[\fB!\fP] \fB--socket-exists\fP
+Matches if the packet is associated with a socket.