
Re: Restricting Internet Access



On Tue, Oct 27, 2009 at 09:52:42PM +0200, David Baron wrote:

> Iptables is "configured" at boot time, but this is not where it gets

I don't think iptables is really your answer, by itself. What you're
really trying to do most likely requires you to set up an authenticating
proxy server on a separate bastion host. Still, if you want to do your
blocking on a single host, a little Googling around might yield some
useful results. For example, two seconds of searching found:

    http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html

I haven't explored the matter much further, but if the post is right, it
certainly looks like your best bet would be to whitelist only the users
you want to have TCP/IP access, and add a general DROP rule for everyone
else.

-- 
"Oh, look: rocks!"
	-- Doctor Who, "Destiny of the Daleks"
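
The whitelist-then-DROP layout suggested in the message above, as an added example that is not part of the original post or the linked article: a shell function that emits an `iptables-restore` ruleset built on the `owner` match. The account names `root` and `alice` are constructed samples, and `emit_owner_whitelist` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: per-user egress whitelist for a single host.
# emit_owner_whitelist is a hypothetical helper; user names are samples.

# emit_owner_whitelist USER... -> prints a filter-table ruleset on stdout.
# Returns 1 and prints nothing if any name is not a plain account name.
emit_owner_whitelist() {
    # Validate every name first so a bad argument never yields a
    # half-written ruleset or smuggles extra options into a rule.
    for user in "$@"; do
        case "$user" in
            ''|-*|*[!A-Za-z0-9_-]*)
                echo "bad user name: $user" >&2
                return 1 ;;
        esac
    done

    echo '*filter'
    echo ':OUTPUT ACCEPT [0:0]'
    # Keep loopback open: local services talk to each other over lo.
    echo '-A OUTPUT -o lo -j ACCEPT'
    # One ACCEPT per whitelisted account, matched on the socket owner.
    for user in "$@"; do
        echo "-A OUTPUT -m owner --uid-owner $user -j ACCEPT"
    done
    # General DROP for every other local user; it must come last,
    # because rules are evaluated top to bottom.
    echo '-A OUTPUT -j DROP'
    echo 'COMMIT'
}

# Print the ruleset for review. Loading it (as root) is done by piping
# the output into iptables-restore. root is listed so that system
# daemons running as root keep their network access.
emit_owner_whitelist root alice
```

The `owner` match only sees locally generated packets in the OUTPUT chain, so kernel-originated replies with no owning socket fall through to the DROP. IPv6 traffic is untouched unless the same ruleset is also loaded through `ip6tables-restore`.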

