
Thread: iptables --match owner

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    3

    iptables --match owner

    Hello all!

    BT4 final, trying to set up firewall to deny DNS leaks when using Tor.
    I want to run Tor as user "daemon" and allow only this user to communicate:

    iptables --insert OUTPUT --match owner --uid-owner daemon --jump ACCEPT

    responded:

    iptables: No chain/target/match by that name


    I looked around and noticed that in /lib/modules/2.6.30.9/kernel/net/ipv4/netfilter, where the iptables modules are, there is no ipt_owner.ko module (and some others are missing too, compared to BackTrack 3).

    What do I have to do to make "iptables --match owner" work?

    Dali

  2. #2
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    3

    Re: iptables --match owner

    I found out that in the BT4 kernel configuration the compilation of the "match owner" extension for iptables is disabled. (why?)
    After compiling it and running depmod, it works.

    Dali

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: iptables --match owner

    Quote Originally Posted by da410li:
    (why?)
    Because at a guess BT isn't meant to be a desktop distro? I don't know.

    For those of you trying not to recompile stuff:
    Code:
    iptables -A OUTPUT -p tcp -d tornodeip --dport torport -j ACCEPT
    iptables -A OUTPUT -j DROP
    You will need to correct the two commands slightly to ensure that they work, but the gist is there. You could also have just done something similar to:
    Code:
    iptables -A OUTPUT -p tcp --dport 53 -j DROP
    iptables -A OUTPUT -p udp --dport 53 -j DROP
    Technically all of the information lookups should be pushed through Tor - that's what privoxy and the like are for - the only information leaving your machine should be to the tor server and port.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
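The two approaches in this thread (allow by owning uid, or allow only the Tor node's address and port) can be combined into one OUTPUT policy. The script below is an added example, not code from the thread or from the BackTrack project: it tries the owner match first and, if iptables rejects it (the "No chain/target/match by that name" error from the first post), falls back to the address/port rule from post #3, then logs and drops any direct DNS before the final DROP. The user name, the TEST-NET address 192.0.2.10 and port 9001 are placeholders; the LOG target and the APPLY variable are assumptions of this example. Without APPLY=1 (or without root) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: build an OUTPUT chain that lets only the Tor process reach the
# network and drops plain DNS, so a leak cannot bypass Tor. Assumed: Tor runs
# as TOR_USER and connects to the entry node TOR_IP:TOR_PORT (placeholders).
set -eu

TOR_USER="${TOR_USER:-daemon}"
TOR_IP="${TOR_IP:-192.0.2.10}"     # constructed placeholder (TEST-NET-1)
TOR_PORT="${TOR_PORT:-9001}"

# Touch the live firewall only when explicitly asked for and running as root;
# otherwise print the commands (dry run) so the rule set can be reviewed first.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    IPT="iptables"
else
    IPT="echo iptables"
fi

# Rule from post #1: allow traffic by owning uid (needs the kernel owner match).
owner_rule() { $IPT -A OUTPUT -m owner --uid-owner "$TOR_USER" -j ACCEPT; }
# Fallback from post #3: allow only the Tor node's address and port.
addr_rule()  { $IPT -A OUTPUT -p tcp -d "$TOR_IP" --dport "$TOR_PORT" -j ACCEPT; }

build_rules() {
    $IPT -F OUTPUT                          # start from an empty chain
    $IPT -A OUTPUT -o lo -j ACCEPT          # local sockets (Tor SOCKS/DNSPort)
    # Prefer the owner match; if the kernel lacks it, use the address/port rule.
    owner_rule 2>/dev/null || addr_rule
    # Log, then drop, any DNS sent directly so a leak shows up in the kernel log.
    for proto in udp tcp; do
        $IPT -A OUTPUT -p "$proto" --dport 53 -j LOG --log-prefix "DNS-LEAK: "
        $IPT -A OUTPUT -p "$proto" --dport 53 -j DROP
    done
    $IPT -A OUTPUT -j DROP                  # everything else is blocked
}

build_rules
```

Run it once without APPLY to read the generated rules, then as root with APPLY=1 to load them; a DNS leak attempt will appear in the kernel log with the "DNS-LEAK:" prefix before it is dropped.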
