Some might think it bad form for me to use a tool I haven't covered in any previous columns (i.e., Stunnel) to illustrate use of the column's actual subject (iptables). Obviously, I'm hoping nobody will be so distracted by Stunnel that it detracts from their appreciation of owner matching.
My reason for using Stunnel is that it's both popular and flexible, and because Stunnel users in particular have an obvious need for the iptables functionality I'm covering here. If you've never used Stunnel but have been wondering how to secure, for example, your IMAP or TN3270 transactions transparently, I hope these examples will whet your appetite enough to learn more on your own. The best source of information on Stunnel (including documentation and the latest source code) is www.stunnel.org.
If, on the other hand, you couldn't care less about tunneling but wish to restrict local users' access to any process that listens to a local TCP or UDP port, replace the word “stunnel” with the name of your dæmon of choice for the rest of this article, and things will work pretty much the same.