When to use --socket-exists with iptables?

Pal Szasz asked:

I’m learning iptables and I have a hard time understanding when to use the “--socket-exists” option of the “owner” matcher. Could you explain what is the practical benefit of this option (with an example, if possible)?

My answer:

You would use --socket-exists to determine that a packet originated locally on the system, where outgoing packets are associated with a socket, instead of a forwarded packet that originated from another system, which has no associated socket.

View the full question and answer on Server Fault.
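An illustration of the distinction the answer draws, as an added example that is not part of the original post: in POSTROUTING, which both locally generated and forwarded packets traverse, the owner match gives the two kinds different marks. The interface name `eth0`, the mark values and the function name `build_ruleset` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that separates locally
# generated packets from forwarded ones with the owner match.
# The owner match is only valid in the OUTPUT and POSTROUTING chains.

# build_ruleset IFACE -> prints a mangle-table ruleset on stdout.
# IFACE (egress interface) and the mark values 0x1/0x2 are assumptions.
build_ruleset() {
    iface=$1
    # Refuse anything that is not a plain interface name before it is
    # interpolated into a rule line.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface: $iface" >&2
            return 1
            ;;
    esac
    cat <<EOF
*mangle
:POSTROUTING ACCEPT [0:0]
# Packet has an associated socket: it was generated on this host.
-A POSTROUTING -o $iface -m owner --socket-exists -j MARK --set-mark 0x1
# No associated socket: the packet is being forwarded for another system.
-A POSTROUTING -o $iface -m owner ! --socket-exists -j MARK --set-mark 0x2
COMMIT
EOF
}

# Print the ruleset; nothing is loaded into the kernel here.
# As root, it can be checked with:  iptables-restore --test
# and loaded without flushing with: iptables-restore --noflush
build_ruleset "${1:-eth0}"
```

Once loaded, `iptables -t mangle -L POSTROUTING -v -n` shows the per-rule packet counters, so local and forwarded traffic leaving the interface can be compared.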

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.