When to use –socket-exists with iptables?

on

Pal Szasz asked:

I’m learning iptables and I have a hard time understanding when to use the “–socket-exists” option of the “owner” matcher. Could you explain what is the practical benefit of this option (with an example, if possible)?

My answer:

You would use --socket-exists to determine that a packet originated locally on the system, where outgoing packets are associated with a socket, instead of a forwarded packet that originated from another system, which has no associated socket.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Related Post

Swapfile mount (/etc/fstab): "swap swap" or "none swap"

Nginx config should I deny requests that are missing the accept header

Problems with improper vhosts configuration on Apache 2 / Ubuntu 14.04

Nginx & PHP-FPM – .php File not found – Can't figure out why

uWSGI on ubuntu 18 suddenly fails when –never-swap specified

Can't install Mysql on Linux — Mysql website failing?