Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 03-30-2009, 09:11 PM   #1
LQ Newbie
Registered: Mar 2009
Posts: 4

Rep: Reputation: 0
traffic monitor per user (like BSD IPF uid rules)


I'm looking for a way to monitor the IP traffic form a local unix user (running an application).

I used to do it on freebsd with the following rules in ipfw and parse the counters:
ipfw -q add 1500 pass all from any to any uid UNIXUSER in via xl0
ipfw -q add 1510 pass all from any to any uid UNIXUSER out via xl0

I can't find a way to do it with iptables or any other means on linux ?
Do you guys have a clue on how i could do it.

just in case you asked, this user runs a daemon and multiple scripts. It listens on one port but connects to many clients on a variety of ports. So it's a nightmare to create rules to capture it's traffic. That's why i used the user level on BSD (which, sadly I'm not running on this server).

Old 04-01-2009, 02:41 AM   #2
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
iptables can match traffic on user id, group id, process id, session id, command owner, the last three may be broken on SMP kernels though.
Old 04-02-2009, 01:48 AM   #3
LQ Newbie
Registered: Mar 2009
Posts: 4

Original Poster
Rep: Reputation: 0
thanks, somehow i missed it.

It tried (with many variations)
iptables -A INPUT -m owner --uid-owner 1001 -j ACCEPT
and i got
iptables: Invalid argument
dmesg : ip_tables: owner match: bad hook_mask 2/24

iptables -V >> iptables v1.4.0

I check the doc and it seems that only OUPUT is supported. They say it's hard to know who owns an incoming socket: well is you have a daemon running and listening it should not be that hard. It works fine on BSD.

Anyway, too bad this feature hasn't been implemented.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
monitor sftp traffic per user gernonimo Linux - Networking 3 03-22-2009 05:44 PM
iptables rules to bridge traffic scheidel21 Linux - Networking 2 08-31-2007 12:05 PM
ipf rules for web linuxtesting2 Solaris / OpenSolaris 1 04-07-2007 02:03 AM
ipf rules linuxtesting2 Solaris / OpenSolaris 2 03-30-2007 09:56 AM
LXer: PC-BSD : A user friendly BSD flavor geared for the desktop LXer Syndicated Linux News 0 02-04-2006 03:01 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:52 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration