Dropping users making output connections.
Good time of the day.
Whats' wrong w/ my set up (I want to allow output traffic for the users
that are in the allowed group only):
iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
but what I get is that all the users including those in the allowed
group are blocked.
If I write accepting rule for every user, like:
iptables -I OUTPUT 1 -m owner --uid-owner allowed-user1 -j ACCEPT
it works for them, but I prefer to significantly reduce the load by
simple rejection: drop if not in the list/group of allowed.
Thanks for Your time.
Reply to: