iptables rule

bkcreddy17 · 01-20-2009, 05:50 AM

Hi,
Plaese any body clarify my doubt in this rule. I want to restrict whose uid is 501 from outgoing to port number 22.This blocks all.

Code:

$ sudo /sbin/iptables -t filter -A OUTPUT -m owner --uid-owner 501 -j DROP

I tried like this but, no result.

Code:

$ sudo /sbin/iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner 501 --sport 22 -j DROP

and

Code:

$ sudo /sbin/iptables -t filter -A OUTPUT -p tcp -o eth0 -m owner --uid-owner 501 -s 0/0 --sport 22 -j DROP

What will be the rule?

acid_kewpie · 01-20-2009, 06:29 AM

You'd want a dport, not an sport. the source port will just be a random ephemeral number.

bkcreddy17 · 01-20-2009, 06:38 AM

Thank you. Got it by
$ sudo /sbin/iptables -t filter -A OUTPUT -p tcp -o eth0 -m owner --uid-owner 501 -s 0/0 --dport 22 -j DROP