Re: Dropping users making output connections.
Hello,
Sthu Deus a écrit :
>
>
> Whats' wrong w/ my set up (I want to allow output traffic for the users
> that are in the allowed group only):
>
> iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
>
> but what I get is that all the users including those in the allowed
> group are blocked.
--gid-owner does not match /any/ group the user sending the packet
belongs to ; it matches the group id of the process sending the packet.
Unless you change it e.g. with newgrp, the current group id is the
user's default group id.
Reply to: