[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting outbound access?

On Wed, May 15, 2002 at 09:49:08PM -0500, Steve Meyer wrote:
> I have a question.  Is there any way to restrict outbound access for all but 
> a few users?  I know with iptables you can block outbound traffic completely 
> but that wont work in my situation.  There are about 150 users of my server 
> and only 3 of them need outbound access so I am kind of in a sticky 
> situation.  Any help would be greatly appreciated.

If you built your kernel with iptables and CONFIG_IP_NF_MATCH_OWNER,
you can add rules to your OUTPUT chain matching specific uids or gids.

It won't let you control who can receive data from the network, but it
will let you restrict who can send what.

William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B  <- key change    \ /  No HTML in mail or news!
99AF A093 29AE 0AE1 9734   prev. expired    X
                                           / \

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: