LinuxQuestions.org


kyleinc 04-03-2004 03:24 PM

User Group for Restricting Internet Access
 
I am using Red Hat 9. I would like to create a user group on my computer that would have no access to the Internet. I would like all other user groups to continue to be able to access the Internet. How would I set this up?

kev82 04-03-2004 04:04 PM

I don't know how Red Hat configures firewalls, but according to my iptables man page there is a module called owner which can match packets on uid, gid, and pid. That is what you want, but it is labelled experimental, so I can't guarantee it working.

Assuming everything's set up in your kernel and your iptables supports this module, then something along the lines of

iptables -A OUTPUT -m owner --gid-owner [insert group id] -j DROP

will drop all packets coming from programs running with that group id. But as I know nothing about Red Hat, I can't give you anything more specific.

kyleinc 04-16-2004 03:51 PM

When I did this, the users in that group could not log in. It just hung after the login screen.

SciYro 04-16-2004 04:50 PM

Does Red Hat use the network device to log in or boot up?

kyleinc 04-16-2004 05:08 PM

I honestly am not sure. I know that when the OS is booting up before the login screen it mentions bringing up the eth0 and iptables firewall. However, I don't know what it does after one logs in.

SciYro 04-16-2004 07:47 PM

Hmm, well I don't know how Red Hat handles logins, but maybe you'll have to change that iptables rule to allow everyone to use address 127.0.0.1, but I'm not sure...

kev82 04-17-2004 05:49 AM

SciYro sounds like he has the right idea, do something like

iptables -I OUTPUT -o lo -j ACCEPT

I would suggest reading some of the howtos at http://www.netfilter.org/ because writing your own firewall script isn't an easy task.
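
Added example, not part of the thread: a small script that emits the two rules discussed above in a fixed order, loopback ACCEPT first and the per-group DROP second, so local traffic is exempted before the group match is reached. The group name `nonet`, the helper names and the `--apply` switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Group name "nonet" is hypothetical.

# Resolve a group name to its numeric GID; a numeric argument is passed through.
resolve_gid() {
    case "$1" in
        ''|*[!0-9]*) getent group "$1" | cut -d: -f3 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Print the iptables commands for a numeric GID, one per line.
# Refuses anything that is not purely numeric, so an unknown group
# (empty GID) never turns into a malformed or over-broad rule.
build_rules() {
    gid=$1
    case "$gid" in
        ''|*[!0-9]*) echo "invalid gid: '$gid'" >&2; return 1 ;;
    esac
    # Position 1: always allow loopback, the fix suggested for the login hang.
    printf 'iptables -I OUTPUT 1 -o lo -j ACCEPT\n'
    # Position 2: drop everything else sent by processes running with this GID.
    # Assumption to verify on your system: the owner match tests the GID the
    # process runs with, so make this the users' primary (login) group.
    printf 'iptables -I OUTPUT 2 -m owner --gid-owner %s -j DROP\n' "$gid"
}

# Dry run by default (nothing is executed). As root:
#   ./nonet.sh --apply nonet
if [ "${1:-}" = "--apply" ]; then
    target_gid=$(resolve_gid "${2:-nonet}")
    rules=$(build_rules "$target_gid") || exit 1
    printf '%s\n' "$rules" | sh -e
    # Show the resulting order with packet counters for verification.
    iptables -L OUTPUT -n -v --line-numbers
fi
```

After applying, the DROP rule's packet counter in the listing should rise when a member of the group tries to reach an outside host, while the loopback rule's counter rises during login.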


All times are GMT -5.