From doing "man iptables" there is the following:
--uid-owner userid
I don't know how to use this... but it's there. It was in the MATCH EXTENSIONS section ( -m ) but I couldn't get it to work.
Code:
From man iptables:
owner
This module attempts to match various characteristics of the packet creator, for locally-generated
packets. It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping
responses) may have no owner, and hence never match.
--uid-owner userid
Matches if the packet was created by a process with the given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option
is present only if iptables was compiled under a kernel supporting this feature)
I tried this and it didn't work:
iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
(to allow all output by the root user)... it gave me "Invalid".
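As an added example (not from the original post), here is how the owner match is normally used on the defending side: restricting what one service account may send out, in the OUTPUT chain only, and logging anything else that account tries. The account name "webapp", the port list and the log prefix are placeholders, and the `run` helper is assumed so the rules can be printed with DRY_RUN=1 instead of being applied (applying them needs root).

```shell
#!/bin/sh
# Added example, not the poster's code: per-user egress control with
# "-m owner --uid-owner", which is only valid in the OUTPUT chain.
# Set DRY_RUN=1 to print the rules instead of applying them.

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"      # dry run: show the rule that would be added
    else
        "$@"                    # real run: needs root
    fi
}

# Return 0 if the owner match extension can be loaded on this host;
# a failure here is the first thing to check when a rule is rejected.
owner_match_available() {
    iptables -m owner --help >/dev/null 2>&1
}

# Emit the rules for one user.
#   $1    = user name or numeric uid (as accepted by --uid-owner)
#   $2... = TCP destination ports this user is allowed to reach
# Order matters: replies on existing flows first, then the allowed
# destinations, then a rate-limited LOG, then REJECT for that user only.
egress_rules_for_user() {
    user="$1"; shift
    run iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in "$@"; do
        run iptables -A OUTPUT -m owner --uid-owner "$user" \
            -p tcp --dport "$port" -j ACCEPT
    done
    run iptables -A OUTPUT -m owner --uid-owner "$user" \
        -m limit --limit 5/min -j LOG --log-prefix "egress-$user: "
    run iptables -A OUTPUT -m owner --uid-owner "$user" -j REJECT
}

# Usage (placeholder account and ports):
#   DRY_RUN=1 egress_rules_for_user webapp 443 5432
```

Later kernels' xt_owner module keeps only --uid-owner, --gid-owner and --socket-exists; --pid-owner, --sid-owner and --cmd-owner from the excerpt above are no longer available there.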