
Re: Dropping users making output connections.



Hello,

Sthu Deus wrote:
> 
> 
> What's wrong w/ my setup (I want to allow output traffic for the users
> that are in the allowed group only):
> 
> iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
> 
> but what I get is that all the users including those in the allowed
> group are blocked.

--gid-owner does not match /any/ group the user sending the packet
belongs to; it matches the group id of the process sending the packet.
Unless you change it e.g. with newgrp, the current group id is the
user's default group id.
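
An added example, not part of the original message: a shell sketch that works out, for each account, whether the rule quoted above would drop its traffic, by comparing the account's default gid with the gid of the `allowed` group. The accounts (alice, bob, carol), their ids and the function names are constructed for illustration, and it assumes processes run with the user's default gid (no `newgrp`).

```shell
# Constructed sample data in passwd(5) / group(5) format (hypothetical accounts).
PASSWD_SAMPLE='alice:x:1001:1001::/home/alice:/bin/sh
bob:x:1002:2000::/home/bob:/bin/sh
carol:x:1003:1003::/home/carol:/bin/sh'
GROUP_SAMPLE='alice:x:1001:
carol:x:1003:
allowed:x:2000:alice'

# classify USER GROUP prints how USER relates to GROUP:
#   primary       - GROUP is the user's default gid, which is what the
#                   process carries and what --gid-owner compares against
#   supplementary - user is only listed as a member of GROUP; the process
#                   gid is something else, so --gid-owner GROUP does not match
#   none          - user is not in GROUP at all
classify() {
    user=$1 group=$2
    gid=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$group" '$1 == g { print $3 }')
    [ -n "$gid" ] || { echo none; return; }
    primary=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$user" '$1 == u { print $4 }')
    if [ "$primary" = "$gid" ]; then echo primary; return; fi
    members=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$group" '$1 == g { print $4 }')
    case ",$members," in
        *",$user,"*) echo supplementary ;;
        *)           echo none ;;
    esac
}

# rule_verdict USER: outcome of
#   iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
# for a process USER started with the default gid.
rule_verdict() {
    if [ "$(classify "$1" allowed)" = primary ]; then
        echo not-dropped
    else
        echo DROP
    fi
}

for u in alice bob carol; do
    printf '%s: %s in "allowed", rule verdict: %s\n' \
        "$u" "$(classify "$u" allowed)" "$(rule_verdict "$u")"
done
```

On a live system, `id -gn USER` prints the default group and `id -Gn USER` prints every group the user belongs to; only the former is what the rule sees by default.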

