# ipt_owner crippled

## Oxidative

After upgrading my 2.6.12 kernel to 2.6.14 my iptables script stopped working. Kernel is shouting

> ipt_owner: pid, sid and command matching not supported anymore

I was using the ipt_owner command filter to limit network traffic for specific applications. Looks like the kernel devs decided to strip this very useful functionality because it didn't work with SMP. How am I supposed to use filters on a per-application basis without "command" support in ipt_owner? I've looked around but no one seems to miss this except me :Confused:

----------

## kos

I'm also interested in any solution..

----------

## Oxidative

bump  :Confused: 

----------

## alligator421

I also found it quite odd so few complaints about that kernel move.

It took me some time to figure out why iptables exploded at me with such an obscure error like bad argument (to iptables) after kernel upgrade to 2.6.14.

I quickly downgraded to 2.6.12.

2.6.14 no go   :Evil or Very Mad: 

----------

## alligator421

bump

----------

## alligator421

Any news about that or a workaround?

----------

## assaf

I'm using this feature too (it gives me personal firewall capabilities). It didn't explode anything though (I'm using iptables through shorewall), I suppose it simply stopped filtering.

Anyway, how do you know that the feature was dropped due to problems with SMP? If this is the case, someone might be working on fixing it for a future kernel release.

----------

## Oxidative

Just take a look at the changes:

```
-               printk("ipt_owner: pid, sid and command matching is broken "

-                      "on SMP.\n");

+               printk("ipt_owner: pid, sid and command matching "

+                      "not supported anymore\n"); 
```
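
Review bot: the replacement string on the two `+` printk lines drops the reason the old text gave ("is broken on SMP") and puts nothing in its place, so a user who hits this message learns only that pid, sid and command matching is gone, not why. Consider keeping the cause in the new wording, for example "not supported anymore (broken on SMP)". Separately, the printk call carries no explicit KERN_ log level in either the removed or the added lines; adding one while this line is being touched would make the message's severity explicit.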

Since this has been removed in 2.6.13 and we're at 2.6.16 already without seeing anything in that direction, I doubt that someone is working on this problem.

----------

## alligator421

Any news about that stuff lately?

I'm getting tired of messing/backporting kernel code on every stable gentoo-sources release.

----------

