Quarantining an account from the Internet, or from all networking?
Thomas Charron
twaffle at gmail.com
Mon Aug 16 19:01:45 EDT 2010
On Mon, Aug 16, 2010 at 6:47 PM, Benjamin Scott <dragonhawk at gmail.com> wrote:
> On Mon, Aug 16, 2010 at 6:30 PM, Michael ODonnell
> <michael.odonnell at comcast.net> wrote:
>> There's no notion of UID associated with
>> an IP packet so once it's in transit it's not straightforward
>> to know who "owns" it ...
>
> I've never looked into this, so I don't know if/how it works, but if
> NetFilter is smart enough to look at who owns the associated socket,
> it should work. Packets don't have owners, true, but a packet without
> a socket is rather like the sound of one hand clapping...
Internally, packets do have owners. Specifically, the application.
When using iptables, it filters based on the app which is trying to
generate it, and the uid and gid that it is running under.
--
-- Thomas
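An added example, not part of the thread, of how the account quarantine discussed above can be built on the iptables owner match that keys on the uid of the process that created the socket; the uid 1001, the 192.168.1.0/24 LAN prefix and the QUARANTINE_ chain name are constructed values.

```sh
#!/bin/sh
# Added example, not code from the thread. It builds the iptables OUTPUT rules
# that confine one local account (by uid) to loopback and the LAN while
# rejecting everything else, using `-m owner --uid-owner`, which matches on the
# uid of the process that created the socket a packet belongs to.
# Assumptions: the caller supplies the uid and LAN prefix; rules live in a
# dedicated chain so they can be removed as a unit. Commands are printed, not
# executed, so they can be reviewed before being piped to sh as root.

# quarantine_rules UID LAN_CIDR : print the commands that impose the quarantine
quarantine_rules() {
    [ $# -eq 2 ] || { echo "usage: quarantine_rules UID LAN_CIDR" >&2; return 1; }
    uid=$1; lan=$2; chain="QUARANTINE_$uid"
    printf '%s\n' \
        "iptables -N $chain" \
        "iptables -A $chain -o lo -j RETURN" \
        "iptables -A $chain -d $lan -j RETURN" \
        "iptables -A $chain -j LOG --log-prefix \"quarantine uid $uid: \"" \
        "iptables -A $chain -j REJECT --reject-with icmp-admin-prohibited" \
        "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
}

# release_rules UID : print the commands that undo quarantine_rules
release_rules() {
    [ $# -eq 1 ] || { echo "usage: release_rules UID" >&2; return 1; }
    uid=$1; chain="QUARANTINE_$uid"
    printf '%s\n' \
        "iptables -D OUTPUT -m owner --uid-owner $uid -j $chain" \
        "iptables -F $chain" \
        "iptables -X $chain"
}

# Limits of the owner match (the "packet without a socket" case):
# - it is only valid in OUTPUT and POSTROUTING, so only locally generated
#   packets can be classified by uid; inbound packets to the account's
#   sockets cannot, which is why the quarantine is enforced outbound only;
# - packets the kernel generates itself (TCP RSTs, ICMP errors) carry no
#   socket and therefore no uid, and pass the match unmatched.

# Stand-alone use: print the rules for uid 1001 on a 192.168.1.0/24 LAN.
if [ "${1:-}" = "--demo" ]; then
    quarantine_rules 1001 192.168.1.0/24
fi
```

Because the LOG rule precedes the REJECT, every blocked attempt by the quarantined uid shows up in the kernel log with the "quarantine uid" prefix, which is the signal to watch for while the account is confined.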