Quarantining an account from the Internet, or from all networking?

[Bill Sconce]

On Mon, 16 Aug 2010 16:56:32 -0400
Bill Sconce <sconce at in-spec-inc.com> wrote:

> Does anyone know of a way to prevent a Linux account from accessing
> the Internet?

Wow. Excellent. It looks like iptables may be the ticket. (If my
${very_untrusted_user_UID} is prevented from sending packets out
that does exactly the job needed. E.g., a user account which I
set up for reading PDFs can't send anything, no matter how
perniciously a PDF file has been crafted (and of course assuming
that the account is also nonprivileged etc.) then my objective
has been met.

I'll give iptables a try. It's at just the right level of brute-
forceness, and of Linuxness.

I love this list.


> 
> Many thanks!

Many more thanks!  I'll report back on results of testing.

I'll_report_back_on_results_of_testing'ly yrs,

Bill