How to block a certain user from accessing the internet

darkone66669 · 12-01-2006, 06:41 AM

I need to know if there is a way to block a certain user from accessing the internet. I am using Mandriva 2006. It is installed on my home computer and everybody in the house has their own login including my 7 yr old son. I'd like to know if I can keep him from being able to access the internet without having to look over his shoulder every second hes on it. Since we are all using the same machine I can't use any IP blocking methods. any help would be greatly appreciated since my son loves linux and I would hate to kill his account.

Nathanael · 12-01-2006, 06:49 AM

run a script that clears the default route when your son logs on, and restores it when your son logs off

sarajevo · 12-01-2006, 07:25 AM

Or make some iptables rule that will allow only some users to start internet connection...or make some other rule that will disable network interface when some user log on ... ( your son for example )

Regards

Nathanael · 12-01-2006, 07:28 AM

as far as i know there is not way of writing iptables rules to block a certain 'user'!! iptables works on a different layer!

sarajevo · 12-01-2006, 07:42 AM

Quote:

Originally Posted by Nathanael

as far as i know there is not way of writing iptables rules to block a certain 'user'!! iptables works on a different layer!

not really
to darkone66669 ,,, first do

id your_son_login_id... you will get some number, for root il look like
id root

uid=0(root) gid=0(root) groups=0(root)
so means instead of root enter login name of your son, ....
check first have you iptables installed on your system, I suppose you have, check it using

iptables -L -n
you should receive output like
TheRocket:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TheRocket:/#
...

then open vi editor and write this ...

iptables -A OUTPUT -m owner --uid-owner 1000 -p all -j DROP

1000 is my id, you should put there id you receive as output of id command... save that file,
chmod 755 file_of_rule.sh

and execute it using ./file_of_rule.sh every time before your son want to use internet
or easier put it inside /etc/rc.d....... I do not exactly to where are init scripts on Mandriva and make it execute every time you switch on computer,

I home this helps.

Regards

live_dont_exist · 12-01-2006, 12:37 PM

I'm no iptables whiz but there could be a very simple solution to the above problem..

Put a commnd in your son's .bash_profile which says
"ifconfig eth0 down". So each time he logs in the network inerface will get disabled.

Putting stuff in /etc/rc.d will make it global..not sure thats what you want.

Cheers
Arvind