Re: Restricting Internet Access
On Tue, Oct 27, 2009 at 09:52:42PM +0200, David Baron wrote:
> Iptables is "configured" at boot time, but this is not where it gets
I don't think iptables is really your answer, by itself. What you're
really trying to do most likely requires you to set up an authenticating
proxy server on a separate bastion host. Still, if you want to do your
blocking on a single host, a little Googling around might yield some
useful results. For example, two seconds of searching found:
http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html
I haven't explored the matter much further, but if the post is right, it
certainly looks like your best bet would be to whitelist only the users
you want to have TCP/IP access, and add a general DROP rule for everyone
else.
--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"
Reply to: