
Dropping users making output connections.



Good time of the day.


What's wrong w/ my setup (I want to allow output traffic for the users
that are in the allowed group only):

iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP

but what I get is that all the users including those in the allowed
group are blocked.

If I write an accepting rule for every user, like:

iptables -I OUTPUT 1 -m owner --uid-owner allowed-user1 -j ACCEPT

it works for them, but I prefer to significantly reduce the load by
simple rejection: drop if not in the list/group of allowed.


Thanks for Your time.
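
Added example, not part of the original post: per the iptables-extensions
man page, --gid-owner is checked against the group that owns the packet's
socket, and a process's supplementary groups are only checked when
--suppl-groups is also given. The script below lists which members of a group
hold it only as a supplementary group; the accounts (alice, bob, carol), the
GIDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not from the post).
SAMPLE_PASSWD='alice:x:1001:2000:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:x:1003:1003:Carol:/home/carol:/bin/sh'
SAMPLE_GROUP='allowed:x:2000:bob,carol
bob:x:1002:
carol:x:1003:'

# classify_members GROUP PASSWD_TEXT GROUP_TEXT   (hypothetical helper)
# Prints "<user> primary" or "<user> supplementary" for each member of GROUP.
classify_members() {
    # Group lines are fed first so the GID is known before passwd lines arrive.
    { printf '%s\n' "$3" | sed 's/^/G:/'; printf '%s\n' "$2" | sed 's/^/P:/'; } |
    awk -F: -v grp="$1" '
        $1 == "G" && $2 == grp {
            gid = $4
            n = split($5, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") supp[m[i]] = 1
        }
        $1 == "P" {
            if (gid != "" && $5 == gid) print $2, "primary"
            else if ($2 in supp)        print $2, "supplementary"
        }'
}

# unmatched_by_primary_gid GROUP PASSWD_TEXT GROUP_TEXT   (hypothetical helper)
# Members whose processes do not carry GROUP as their primary GID, so
# "--gid-owner GROUP" alone is not satisfied by their membership.
unmatched_by_primary_gid() {
    classify_members "$1" "$2" "$3" |
        awk '$2 == "supplementary" { print $1 }' | paste -s -d ' ' -
}

# Rule from the post (group checked against the socket owner's GID only):
#   iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
# Same rule also checking supplementary groups, where the installed
# iptables and kernel support the option:
#   iptables -I OUTPUT 1 -m owner ! --gid-owner allowed --suppl-groups -j DROP

echo "members of 'allowed' holding it only as a supplementary group:" \
     "$(unmatched_by_primary_gid allowed "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
```

To audit a real host, pass "$(getent passwd)" and "$(getent group)" in place
of the sample variables.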

