Quarantining an account from the Internet, or from all networking?

Tom Buskey tom at buskey.name
Tue Aug 17 11:26:35 EDT 2010


Do other users need to be on the same system w/o restrictions?

If not, I'd create a VM (or physical system if you have $$) with its
own firewall and only that user.  Block everything in/out except
what's needed.  Run only that app in there.  If some sites are
allowed, add a proxy to restrict that.

Choice of VM + firewall left to the user.

On 8/16/10, Bill Sconce <sconce at in-spec-inc.com> wrote:
> On Mon, 16 Aug 2010 16:56:32 -0400
> Bill Sconce <sconce at in-spec-inc.com> wrote:
>
>> Does anyone know of a way to prevent a Linux account from accessing
>> the Internet?
>
> Wow. Excellent. It looks like iptables may be the ticket. (If my
> ${very_untrusted_user_UID} is prevented from sending packets out
> that does exactly the job needed. E.g., a user account which I
> set up for reading PDFs can't send anything, no matter how
> perniciously a PDF file has been crafted (and of course assuming
> that the account is also nonprivileged etc.) then my objective
> has been met.
>
> I'll give iptables a try. It's at just the right level of brute-
> forceness, and of Linuxness.
>
> I love this list.
>
>
>>
>> Many thanks!
>
> Many more thanks!  I'll report back on results of testing.
>
> I'll_report_back_on_results_of_testing'ly yrs,
>
> Bill
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>

-- 
Sent from my mobile device
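
The iptables approach discussed in the quoted message, as an added example that is not part of the original thread: a shell function that prints (rather than applies) owner-match rules for one UID, either leaving loopback open or blocking all networking. The function name `quarantine_rules`, its mode names and the UID 1001 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit (not apply) firewall rules that quarantine one UID.
# quarantine_rules UID [MODE]   (hypothetical helper, not from the thread)
#   MODE=internet : allow loopback only, reject everything else (default)
#   MODE=all      : reject every packet the UID's processes originate
quarantine_rules() {
    uid=$1
    mode=${2:-internet}

    # Accept only a numeric, non-root UID; resolve names beforehand
    # (e.g. with `id -u name`) so the emitted rules are unambiguous.
    case $uid in
        ''|*[!0-9]*) echo "error: UID must be numeric" >&2; return 2 ;;
    esac
    if [ "$uid" -eq 0 ]; then
        echo "error: refusing to quarantine root (UID 0)" >&2; return 2
    fi
    case $mode in
        internet|all) ;;
        *) echo "error: MODE must be 'internet' or 'all'" >&2; return 2 ;;
    esac

    # Cover IPv6 as well; an IPv4-only rule set leaves a v6 path open.
    for cmd in iptables ip6tables; do
        pos=1
        if [ "$mode" = internet ]; then
            # Inserted at the top so earlier ACCEPT rules cannot shadow it.
            echo "$cmd -I OUTPUT $pos -o lo -m owner --uid-owner $uid -j ACCEPT"
            pos=2
        fi
        # REJECT (not DROP) so the application fails fast instead of hanging.
        echo "$cmd -I OUTPUT $pos -m owner --uid-owner $uid -j REJECT"
    done
}

# Print the rules for review; pipe the output to `sh` as root to apply them.
# 1001 is a constructed sample UID.
quarantine_rules 1001 internet
```

The owner match applies only to locally generated packets in the OUTPUT chain and keys on the UID that owns the socket, so traffic from setuid helpers the account can run is not covered by these rules.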

