
Re: Restricting Internet Access



On Tuesday 27 October 2009 14:52:42 David Baron wrote:
> On Sunday 18 October 2009 18:41:09 David Baron wrote:
> > As undemocratic as it seems, sometimes it is necessary for some logins
> > not to be able to access internet browsing and such.
> >
> > How might one set this up?
>
> The suggestion was made to use iptables, gui-owner --> drop.
>
> Iptables is "configured" at boot time, but this is not where it gets set
> up. I use the kde3 program guarddog. Its rule set gets set into iptables on
> ifup. I would need to add a rule there as well.
>
> Listing the rules yields a long, marginally comprehensible mess.
>
> Question would be: What rule to add? How it relates to all the others. I do
> not really understand much of iptables.

These may help:
http://xkr47.outerspace.dyndns.org/netfilter/packet_flow/
http://xkr47.outerspace.dyndns.org/netfilter/packet_flow/packet_flow9.png
http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png

You might also want to hit up TLDP.org and your local manpages.  Iptables is 
somewhat complex, but it is probably also one of the best documented sections 
of Linux administration.

I can't help you with guarddog.  I write my iptables rules by hand so they 
remain understandable.  I can't stand the trash that most iptables rules 
generators produce.  (Shorewall, I'm looking at you.)
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
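
The per-login block discussed in this thread, as an added example that is not part of the original messages: the iptables `owner` match (valid in OUTPUT and POSTROUTING) drops traffic from chosen UIDs, and the jump is inserted at the top of OUTPUT so it is evaluated before any generated ACCEPT rules. The chain name `NO_INET` and the login names passed in are assumptions.

```shell
#!/bin/sh
# Added example: block outbound network access for selected logins using the
# iptables "owner" match. NO_INET and the login names are assumptions.
CHAIN=NO_INET

# Resolve a login name or numeric UID to a numeric UID; fail if unknown.
to_uid() {
    case $1 in
        '') return 1 ;;
        *[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) echo "$1" ;;
    esac
}

# Print the commands for one tool (iptables or ip6tables) and a list of logins.
build_rules() {
    tool=$1; shift
    echo "$tool -N $CHAIN"
    # Loopback stays open so local services keep working for the user.
    echo "$tool -A $CHAIN -o lo -j RETURN"
    for login in "$@"; do
        if uid=$(to_uid "$login"); then
            echo "$tool -A $CHAIN -m owner --uid-owner $uid -j DROP"
        else
            echo "unknown login, skipped: $login" >&2
        fi
    done
    # -I OUTPUT 1 puts the jump ahead of any ACCEPT rules a generator
    # (guarddog in this thread) has already loaded; -A would land after them.
    echo "$tool -I OUTPUT 1 -j $CHAIN"
}

# With --print, show rules for IPv4 and IPv6; pipe to "sh" as root to apply.
if [ "${1:-}" = "--print" ]; then
    shift
    build_rules iptables "$@"
    build_rules ip6tables "$@"
fi
```

If the rule generator flushes and reloads its rule set on ifup, the printed commands have to be applied again after it runs.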
