my ($user, $pid) = getuserfromtcp $ip, $tcp;
if ($user eq "luser" &&
($tcp->{flags} & SYN) && # SYN
!($tcp->{flags} & ACK) && # !ACK
$msg->outdev_name) # outbound
{
syslog "warning", "Blocking outbound connection attempt by $user";
$ipq->set_verdict($msg->packet_id, NF_DROP);
}
|