Re: restricting outbound access?

To: debian-security@lists.debian.org
Subject: Re: restricting outbound access?
From: Will Aoki <waoki@umnh.utah.edu>
Date: Wed, 15 May 2002 21:39:43 -0600
Message-id: <[🔎] 20020515213943.B11856@umnh.utah.edu>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] F16A6T3k4PTBOXcsLJw000021e9@hotmail.com>; from steve11523@hotmail.com on Wed, May 15, 2002 at 09:49:08PM -0500
References: <[🔎] F16A6T3k4PTBOXcsLJw000021e9@hotmail.com>

On Wed, May 15, 2002 at 09:49:08PM -0500, Steve Meyer wrote:
> I have a question.  Is there any way to restrict outbound access for all but 
> a few users?  I know with iptables you can block outbound traffic completely 
> but that wont work in my situation.  There are about 150 users of my server 
> and only 3 of them need outbound access so I am kind of in a sticky 
> situation.  Any help would be greatly appreciated.

If you built your kernel with iptables and CONFIG_IP_NF_MATCH_OWNER,
you can add rules to your OUTPUT chain matching specific uids or gids.

It won't let you control who can receive data from the network, but it
will let you restrict who can send what.

-- 
William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B  <- key change    \ /  No HTML in mail or news!
99AF A093 29AE 0AE1 9734   prev. expired    X
                                           / \


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- restricting outbound access?
  - From: "Steve Meyer" <steve11523@hotmail.com>

Prev by Date: RE: RE:restricting outbound access?
Next by Date: Re: snort not recognizing dns server correctly
Previous by thread: Re: restricting outbound access?
Next by thread: RE: restricting outbound access?
Index(es):
- Date
- Thread