Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to block internet access on my son's user account.
Our family shares one computer running Suse 9.1 with DSL internet access through a router. There is no other networking. Everybody has their own sign-on and password. I would like my son to be able to use the computer without supervision, and the only way I'll feel safe doing so is if he can't get on the Internet. Is there an easy way to do this?
I rarely use command prompt, so I would appreciate some detail in any replies involving commands Thanks.
Thanks. I checked the link, and apparently censornet would require me to go out and buy another computer:
"CensorNet is a Debian-based Linux distribution in its own right and must be installed on a *dedicated* machine with a minimum of two Ethernet adapters."
for every browser, create a group "newgroup."
addusrs to it, everybody except your son.
"other" has no right to execute these browsers.
members of "newgroup" has the right.
#chmod (for ex.) 776 mozilla
Thanks, capybara. Sounds great. The only thing is he won't be able to use konqueror, which is also a file manager. But I think I can come up with something else for that.
That still wouldn't prevent him from using other programs like Xchat, gaim, & etc. Since you only have the single PC and since everyone has to logon as themselves to use, you could write a shell script to disable the network card, or modem whatever the case may be, when he logs on and to bring it up for everyone else. Course that will require you know your way around linux pretty well.
Originally posted by Capt_Caveman You can also use the iptables userid match and block all outgoing traffic initiated by that user. General syntax for userid blocking is:
Originally posted by jimk Thanks, Capt.! A quick newbie question: Would <external_interface> be eth0?
Depends. Normally yes, but on some systems this can be eth1 or a ppp interface. Using the ifconfig command should show you a list of interfaces that are currently up. Whichever IP address corresponds to your internet connection will be the proper external interface
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.