Index of /~baro/sw/var/netfilter
Name                       Last modified       Size  Description

Parent Directory           08-Nov-2006 16:00   -
2.4.33.3.--log-uid.patch   10-Oct-2006 16:33   2k

Enables "iptables -j LOG --log-uid" on a 2.4 kernel (not supported by default, since 2.4 is in maintenance-only mode).

	cd /path/to/linux-2.4.33.3
	patch -p2 < /path/to/2.4.33.3.--log-uid.patch

Usage example:

	-A OUTPUT -o lo -j ACCEPT
	-A OUTPUT -m udp -p udp --dport 53 -s $MYIP -d $MYDNS -j ACCEPT
	-A OUTPUT -m owner --uid-owner root -j ACCEPT
	-A OUTPUT -m tcp -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
	-A OUTPUT -m tcp -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT
	-A OUTPUT -m limit --limit 5/minute --limit-burst 60 -j LOG --log-level warn --log-prefix "iptables: outdrop: " --log-uid
	-A OUTPUT -j DROP

Note:
	--log-uid cannot work on the INPUT chain: the sockets for incoming packets are not owned by users
	--log-uid on OUTPUT reports UID 0 for ICMP (ping is setuid root) and for packets generated directly by the kernel (e.g. TCP RST, ICMP echo-reply, ...)
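The usage example above logs every dropped outbound packet with the owning UID; the notes warn that UID 0 is also reported for setuid ICMP and for packets the kernel generates itself. The following script is an added example (not part of the patch or of this page) that reads such log lines and attributes drops per UID while applying those two caveats, so that a UID-0 TCP RST or ICMP entry is not mistaken for a root-owned process. The sample syslog lines are constructed here, and the trailing "UID=<n>" token is an assumption about how the patched LOG target writes the field; adjust the parser if the patched kernel prints it differently.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the page). The "UID=<n>"
# token at the end is the field --log-uid is assumed to append.
SAMPLE_LOG = """\
Oct 10 16:33:01 host kernel: iptables: outdrop: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000
Oct 10 16:33:02 host kernel: iptables: outdrop: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000
Oct 10 16:33:03 host kernel: iptables: outdrop: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1 UID=0
Oct 10 16:33:04 host kernel: iptables: outdrop: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 UID=0
Oct 10 16:33:05 host kernel: iptables: outdrop: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=UDP SPT=51000 DPT=53 LEN=41 UID=33
Oct 10 16:33:06 host kernel: unrelated kernel message, not a LOG line
"""

# Everything after "kernel: " up to the first "IN=" is the --log-prefix text;
# the rest is a sequence of KEY=VALUE tokens and bare flag tokens (DF, SYN, RST).
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)(?=\bIN=)(?P<body>.*)$")


def parse_log_line(line):
    """Return a dict of fields from one netfilter LOG line, or None if the
    line is not a LOG line. Bare tokens are collected in rec["flags"]."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix").strip(), "flags": set()}
    for tok in m.group("body").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value          # a repeated key (ID=, LEN=) keeps the last value
        else:
            rec["flags"].add(tok)
    if "UID" in rec:
        rec["UID"] = int(rec["UID"])
    return rec


def origin(rec):
    """Classify who produced the packet, following the page's caveats:
    UID 0 on ICMP means ping/setuid, and UID 0 on a TCP RST means the
    kernel answered on its own; neither is evidence of a root-owned process."""
    uid = rec.get("UID")
    if uid is None:
        return "unknown"
    if uid == 0 and rec.get("PROTO") == "ICMP":
        return "root-or-setuid"
    if uid == 0 and rec.get("PROTO") == "TCP" and "RST" in rec["flags"]:
        return "kernel"
    return "uid:%d" % uid


def summarize(text):
    """Count logged drops per origin and per (origin, DST, PROTO, DPT)."""
    by_origin = Counter()
    detail = Counter()
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None or "UID" not in rec:
            continue  # not a LOG line, or logged without --log-uid
        o = origin(rec)
        by_origin[o] += 1
        detail[(o, rec.get("DST"), rec.get("PROTO"), rec.get("DPT"))] += 1
    return by_origin, detail


if __name__ == "__main__":
    totals, detail = summarize(SAMPLE_LOG)
    print("dropped outbound packets per origin:")
    for o, n in sorted(totals.items()):
        print("  %-16s %d" % (o, n))
    print("per destination:")
    for (o, dst, proto, dpt), n in sorted(detail.items(), key=str):
        print("  %-16s %s %s/%s  %d" % (o, dst, proto, dpt or "-", n))
```

The report groups drops by the process UID that opened the socket, which is what --log-uid adds over a plain LOG rule; the "root-or-setuid" and "kernel" buckets keep the UID-0 entries described in the notes apart from genuine root-owned traffic. Lines without a UID= field (for example from an INPUT-chain LOG rule) are skipped rather than misattributed.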