iptables --cmd-owner
I am running the new 2.6.18-linode25 kernel and I am still having difficulties using the iptables owner match under CentOS 4. This exact syntax works fine on a real CentOS 4 machine with a current CentOS kernel.
It appears that this problem is specifically related to the --cmd-owner part of the owner match. The last two outputs leave the rest of the iptables command the same, but only use one of the owner match parameters. See below.
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m state --state NEW -m owner --uid-owner xxx --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --cmd-owner yyy -j ACCEPT
iptables: Invalid argument
[root@ ~]# iptables -A OUTPUT -s 64.62.231.x -o eth0 -p tcp -m tcp -m multiport --dports 21,80,443 -m state --state NEW -m owner --uid-owner xxx -j ACCEPT
[root@ ~]#
So, --cmd-owner is failing, and I haven't been able to figure out what kernel patch (or config option) enables this feature. It looks like the iptables userspace app already has support for this feature.
Has anyone successfully used --cmd-owner iptables rules, or can point out some syntax problem?
Thanks,
--Tom
1 Reply
% gzcat /proc/config.gz | grep -i owner
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP6_NF_MATCH_OWNER=y
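As an added example, not part of this thread: a POSIX sh probe that tests each owner-match option in a throwaway user chain, so nothing is ever appended to the live OUTPUT chain (the last command in the question above did leave a rule there). It distinguishes an option the kernel rejects ("Invalid argument") from a situation where the scratch chain cannot be created at all (not root, iptables absent, ip_tables not loaded), which the manual tests above cannot tell apart. The names IPTABLES, PROBE_CHAIN and the functions are this example's own. Two facts not stated in the thread, but known from kernel history: the kernel side of the owner match dropped --pid-owner, --sid-owner and --cmd-owner in 2.6.14, so a 2.6.18 kernel rejects them with EINVAL even with CONFIG_IP_NF_MATCH_OWNER=y (the CentOS 4 stock 2.6.9 kernel predates that), and the match module usually logs the reason in the kernel log, which is why the probe prints the owner-related tail of dmesg.

```shell
#!/bin/sh
# Added example, not from the thread: probe which `-m owner` options this kernel accepts.
# Each probe goes into a throwaway user chain, so the live OUTPUT chain is never modified.
# IPTABLES and PROBE_CHAIN are assumed names; override them from the environment.
IPTABLES=${IPTABLES:-iptables}
PROBE_CHAIN=${PROBE_CHAIN:-owner_probe}

# probe_owner_option OPTION VALUE
# Exit status: 0 = rule accepted, 1 = rejected (iptables printed an error such as
# "Invalid argument"), 2 = the scratch chain could not be created (not root,
# iptables not installed, ip_tables/iptable_filter missing).
probe_owner_option() {
    "$IPTABLES" -N "$PROBE_CHAIN" 2>/dev/null || return 2
    if "$IPTABLES" -A "$PROBE_CHAIN" -p tcp -m owner "$1" "$2" -j RETURN >/dev/null 2>&1; then
        probe_rc=0
    else
        probe_rc=1
    fi
    # Always remove the scratch chain, even when the rule was rejected.
    "$IPTABLES" -F "$PROBE_CHAIN" 2>/dev/null || true
    "$IPTABLES" -X "$PROBE_CHAIN" 2>/dev/null || true
    return $probe_rc
}

# owner_option_status OPTION VALUE -> prints accepted | rejected | unavailable
owner_option_status() {
    probe_owner_option "$1" "$2" && status_rc=0 || status_rc=$?
    case $status_rc in
        0) echo accepted ;;
        1) echo rejected ;;
        *) echo unavailable ;;
    esac
}

# owner_support_report: one line per owner-match option. Numeric ids are used so the
# probe does not depend on a particular user or group existing; the command name is
# arbitrary because only the option's acceptance by the kernel is being tested.
owner_support_report() {
    for pair in "--uid-owner 0" "--gid-owner 0" "--pid-owner 1" "--sid-owner 1" "--cmd-owner init"; do
        opt=${pair% *}
        val=${pair#* }
        printf '%-12s %s\n' "$opt" "$(owner_option_status "$opt" "$val")"
    done
}

owner_support_report
# A rejected option is usually explained by the match module in the kernel log.
dmesg 2>/dev/null | grep -i owner | tail -n 3
```

Run it as root on the affected host. If every line reads "unavailable", the problem is privilege or a missing ip_tables module rather than the owner match itself; if --uid-owner and --gid-owner are accepted while --pid-owner, --sid-owner and --cmd-owner are rejected, the running kernel is one that no longer implements process-based owner matching, and no iptables userspace version will make the rule load.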