Quarantining an account from the Internet, or from all networking?

Chip Marshall chip at 2bithacker.net
Mon Aug 16 17:11:40 EDT 2010


On 16-Aug-2010, Bill Sconce <sconce at in-spec-inc.com> sent:
> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?
> 
> E.g., setting a [per-user] gateway to nil, or setting permissions
> on some node along the path to eth0?

It appears that iptables has an 'owner' module that could be used to
limit traffic based on the socket's associated uid and/or gid.

iptables -A OUTPUT -m owner -j DROP --uid-owner username

I'm not terribly familiar with iptables, so someone else could probably
refine that a bit, perhaps limit it to the ethernet interfaces, so the
user can still talk to localhost sockets.

-- 
Chip Marshall <chip at 2bithacker.net>
http://weblog.2bithacker.net/          KB1QYW        PGP key ID 43C4819E
v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM
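
The refinement suggested in the message above (keep localhost sockets usable), as an added example that is not part of the original post. The function names `resolve_uid` and `quarantine_rules` and the `internet`/`all` modes are hypothetical; the script only prints the rules for review and does not apply them.

```shell
#!/bin/sh
# Added example: emit (not apply) owner-match rules that quarantine one account.
# Function names and modes are hypothetical, chosen for this sketch.

# resolve_uid NAME|UID -> numeric uid on stdout, non-zero exit if unknown
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u -- "$1" 2>/dev/null ;;  # account name: look it up
        *)           printf '%s\n' "$1" ;;         # already a numeric uid
    esac
}

# quarantine_rules ACCOUNT [internet|all]
#   internet: drop what the account sends on any interface except loopback
#   all:      drop every packet sent from the account's sockets
quarantine_rules() {
    uid=$(resolve_uid "$1") || { echo "unknown account: $1" >&2; return 1; }
    mode=${2:-internet}
    case "$mode" in
        internet) scope='! -o lo' ;;
        all)      scope='' ;;
        *) echo "mode must be 'internet' or 'all'" >&2; return 2 ;;
    esac
    # The owner match sees only locally generated packets, hence OUTPUT.
    # -I puts the rule first so an earlier ACCEPT cannot pre-empt it.
    # Both address families are covered: an IPv4-only rule leaves IPv6 open.
    for cmd in iptables ip6tables; do
        printf '%s -I OUTPUT %s-m owner --uid-owner %s -j DROP\n' \
            "$cmd" "${scope:+$scope }" "$uid"
    done
}

# Stand-alone use: sh quarantine.sh ACCOUNT [internet|all]
[ "$#" -eq 0 ] || quarantine_rules "$@"
```

Review the printed commands and run them as root to apply them; rules added this way last only until the next reboot or firewall reload unless they are saved.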

