[SOLVED] Block outgoing for particular user at particular time using iptables
Block outgoing for particular user at particular time using iptables
I am using Ubuntu 12.04 LTS, and I wanted to block everything for a particular user at a particular time. For that I ran
iptables -I OUTPUT 1 -o eth0 -m owner --uid-owner 1002 -m time --timestart 12:00 --timestop 15:00 -j DROP
iptables -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere owner UID match user TIME from 12:00:00 to 15:00:00 UTC
ACCEPT all -- anywhere anywhere
My PC has only one LAN interface, i.e. eth0, and I expect it to block uid 1002. But nothing is blocked, and if I log in as username "user" (uid=1002) and try to browse, the internet is working.
How can I block all outgoing traffic for username "user" at a particular time?
Any help would really be appreciated.
Thanks in advance for your kind help.
Are you aware that the time is set in UTC? Check a bigger range, e.g. 01:00 - 23:00, to see if that works. If you change rules "by hand" with the iptables command, then do not restart the firewall; it will replace the entries from some config file. For testing use only the iptables command; it works immediately, until the next reboot.
Unfortunately I'm not familiar with Ubuntu; it's possible the ufw service uses a different cfg file.
Googling around I find it does have a different setup/cmds. You'll need to check this page https://wiki.ubuntu.com/Uncomplicate...UbuntuFirewall and read the relevant manual.
You may have to ask at Ubuntu's home site for clarifications, but do please post the soln here for others' benefit.
Are you aware that the time is set in UTC? Check a bigger range, e.g. 01:00 - 23:00, to see if that works.
Thanks for the reply eSelix. I didn't understand "time is set in UTC"; what does it mean in iptables?
iptables -R OUTPUT 1 -p tcp -m multiport --dports 80,443 -m time --timestart 01:00 --timestop 23:00 --weekdays Mo,Tu,We,Th,Fr -j DROP
But this time I didn't restart any service, and the above rule worked great as I had expected (i.e. apart from connecting to ports 80 and 443, everything (ping, ssh, etc.) should work).
But I want some short time range, i.e. a maximum of 2-3 hours; how can I write the rule then? Please help.
That means this rule worked from the beginning, but your specified time range was incorrect. UTC means Universal Coordinated Time. Maybe you know that the world is divided into time zones. For example, in Poland we have +1 hour to the time in Greenwich (where the meridian is 0); in India you have +05:30. We also have 1 additional hour in summer time. This is quite complicated to use when we need, for example, to synchronize times, specify a time for users in another time zone, etc. So the world uses something universal, that is UTC, a time common to the whole world. And when you specify a time in iptables, your computer treats it as defined in UTC. It is different from your local time. To get information about what time you currently have in UTC you can write
So, if your timezone is UTC+5:30 then 15:30 (your local time) is 10:00 in UTC.
Thank you very much eSelix,
Good explanation about UTC.
I could successfully block particular outgoing traffic at a particular time for a particular user. For that I first found out the UTC time for the particular local time by changing the local time that I want to block from and until using
"sudo date mmddhhmmyyyy" (month, date, time [hour and minutes] and year)
then ran the "date -u" command to find out the current UTC. And then according to that UTC, I could make a UTC time list that I want to block. It worked great, as expected.
For example, here is a rule I have made to block http and https for uid 1002 from 08:30 pm to 05:30 am (according to my area) on Mon, Tue, Wed, Thu, Fri only
Then I logged in with the "user" username and tried browsing, but port 80 and 443 sites were not working. I tried from different users at the same time and found everything was working. Then I changed the time to one which is not in the OUTPUT rule, logged in using the "user" username and tried browsing, and everything was working.
This is what I had really expected, thank you very much eSelix.
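As an added example (not code from this thread), the POSIX shell script below does the local-to-UTC conversion eSelix explains and the OP did by hand with `date`: given a local window, a UTC offset such as +05:30 and the local weekdays, it prints the matching `-m owner`/`-m time` rules, splitting a window that crosses UTC midnight into two rules with `--weekdays` shifted for the part that lands on the neighbouring UTC day. The uid 1002, interface eth0 and the +05:30 offset are assumptions taken from the thread; nothing is executed, the rules are only printed.

```shell
# Added example (not from the thread): print iptables "-m time" rules for a
# LOCAL daily window. The kernel evaluates -m time in UTC, so a window that
# crosses UTC midnight becomes two rules with --weekdays shifted accordingly.

# "HH:MM" -> minutes since midnight (leading zero stripped so 08 is not octal)
hm_to_min() {
    h=${1%%:*}; m=${1#*:}; h=${h#0}; m=${m#0}
    echo $(( ${h:-0} * 60 + ${m:-0} ))
}
min_to_hm() { printf '%02d:%02d' $(( $1 / 60 )) $(( $1 % 60 )); }

# "+05:30" or "-03:00" -> signed minutes east of UTC
offset_to_min() {
    sign=${1%%[0-9]*}; mins=$(hm_to_min "${1#[+-]}")
    [ "$sign" = "-" ] && mins=$(( -mins ))
    echo "$mins"
}

next_day() { case $1 in Mo) echo Tu;; Tu) echo We;; We) echo Th;; Th) echo Fr;;
             Fr) echo Sa;; Sa) echo Su;; Su) echo Mo;; esac; }
prev_day() { case $1 in Mo) echo Su;; Tu) echo Mo;; We) echo Tu;; Th) echo We;;
             Fr) echo Th;; Sa) echo Fr;; Su) echo Sa;; esac; }
# shift every day in comma list $1 by $2 days (-1, 0, 1); subshell keeps IFS local
shift_days() (
    IFS=,; out=""
    for d in $1; do
        case $2 in 1) d=$(next_day "$d");; -1) d=$(prev_day "$d");; esac
        out="${out:+$out,}$d"
    done
    echo "$out"
)

# utc_rules UID START STOP OFFSET WEEKDAYS   (START, STOP, WEEKDAYS are local)
utc_rules() {
    uid=$1; off=$(offset_to_min "$4"); days=$5
    s=$(( $(hm_to_min "$2") - off )); e=$(( $(hm_to_min "$3") - off ))
    [ "$e" -le "$s" ] && e=$(( e + 1440 ))        # window crosses local midnight
    while [ "$s" -lt "$e" ]; do
        k=$(( (s + 1440) / 1440 - 1 ))            # UTC day relative to local day
        day_end=$(( (k + 1) * 1440 )); chunk_end=$e
        [ "$chunk_end" -gt "$day_end" ] && chunk_end=$day_end
        stop=23:59:59                              # chunk runs to the end of a UTC day
        [ "$chunk_end" -lt "$day_end" ] && stop=$(min_to_hm $(( chunk_end - k * 1440 )))
        echo "iptables -I OUTPUT -o eth0 -m owner --uid-owner $uid -m time" \
             "--timestart $(min_to_hm $(( s - k * 1440 ))) --timestop $stop" \
             "--weekdays $(shift_days "$days" $k) -j DROP"
        s=$chunk_end
    done
}
utc_rules 1002 20:30 05:30 +05:30 Mo,Tu,We,Th,Fr   # the OP's window -> 15:00-23:59:59 UTC
```

Newer iptables versions also accept `--kerneltz` on the time match to evaluate it in the kernel's time zone instead of UTC, which removes the need for the conversion.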
Remember that these rules go away after a reboot. If you use ufw, then it has script files somewhere in /etc/ufw for persistent changes. I don't know which, because I'm not using it, but it should be explained in the manual.