User Group for Restricting Internet Access
I am using Red Hat 9. I would like to create a user group on my computer that would have no access to the Internet. I would like all other user groups to continue to be able to access the Internet. How would I set this up?
|
I don't know how Red Hat configures firewalls, but according to my iptables man page there is a module called owner which can match packets on uid, gid, and pid, which is what you want. But it is labelled experimental, so I can't guarantee it working.
Assuming everything's set up in your kernel and your iptables supports this module, then something along the lines of
iptables -A OUTPUT -m owner --gid-owner [insert group id] -j DROP
will drop all packets coming from programs running with that group id. But as I know nothing about Red Hat, I can't give you anything more specific.
|
When I did this, the users in that group could not log in. It just hung after the log in screen.
|
Does Red Hat use the network device to log in or boot up?
|
I honestly am not sure. I know that when the OS is booting up before the log in screen it mentions bringing up the eth0 and iptables firewall. However, I don't know what it does after one logs in.
|
Hmm, well I don't know how Red Hat handles logins, but maybe you'll have to change that iptables rule to allow everyone to use address 127.0.0.1, but I'm not sure...
|
SciYro sounds like he has the right idea; do something like
iptables -I OUTPUT -o lo -j ACCEPT
I would suggest reading some of the howtos at http://www.netfilter.org/ because writing your own firewall script isn't an easy task.
|
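The two rules suggested in this thread, applied in an order that keeps loopback usable, as an added example that is not part of any poster's reply. The group name nonet, the IPT dry-run variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. "nonet" is a hypothetical group name.
# IPT is the command used to apply rules; IPT="echo iptables" prints them
# instead, so the result can be reviewed before touching the live firewall.
IPT=${IPT:-iptables}

# Look up a group's numeric gid in a group(5)-format file (default /etc/group).
# Exits non-zero when the group does not exist.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1 } END { exit !found }' \
        "${2:-/etc/group}"
}

# Apply both rules from the thread:
#   1. -I puts the loopback ACCEPT at the top of OUTPUT, ahead of any DROP,
#      so local services reached over 127.0.0.1 keep working for everyone.
#   2. -A appends the DROP for packets from processes running with that gid.
# The owner match compares the gid a process runs with (normally the user's
# primary group), not supplementary memberships, so the restricted accounts
# need this group as their primary group.
block_group_internet() {
    gid=$(group_gid "$1" "$2") || {
        echo "no such group: $1" >&2
        return 1
    }
    $IPT -I OUTPUT -o lo -j ACCEPT &&
    $IPT -A OUTPUT -m owner --gid-owner "$gid" -j DROP
}

# Usage (as root):          block_group_internet nonet
# Dry run (prints rules):   IPT="echo iptables"; block_group_internet nonet
```

Rules added this way are lost on reboot unless they are saved by whatever mechanism the distribution uses to restore its firewall.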