extensions/libxt_cgroup.man - maze/iptables - Git at Google

 .TP
 [\fB!\fP] \fB\-\-cgroup\fP \fIfwid\fP
 Match corresponding cgroup for this packet.

 Can be used to assign particular firewall policies for aggregated
 task/jobs on the system. This allows for more fine-grained firewall
 policies that only match for a subset of the system's processes.
 fwid is the maker set through the net_cls cgroup's id.
 .PP
 Example:
 .PP
 iptables \-A OUTPUT \-p tcp \-\-sport 80 \-m cgroup ! \-\-cgroup 1
 \-j DROP
 .PP
 Available since Linux 3.14.
	.TP
	[\fB!\fP] \fB\-\-cgroup\fP \fIfwid\fP
	Match corresponding cgroup for this packet.

	Can be used to assign particular firewall policies for aggregated
	task/jobs on the system. This allows for more fine-grained firewall
	policies that only match for a subset of the system's processes.
	fwid is the maker set through the net_cls cgroup's id.
	.PP
	Example:
	.PP
	iptables \-A OUTPUT \-p tcp \-\-sport 80 \-m cgroup ! \-\-cgroup 1
	\-j DROP
	.PP
	Available since Linux 3.14.