iptables – Czit notes

iptables – simple network sandbox

przez kszyh | 5 lipca 2017 - 16:56 |5 lipca 2017 Lifehacking, Linux

Create user 'restricted’. That user can connect only to localhost (sometimes usefully), no other connection can be established from this account.

iptables -A OUTPUT -d 127.0.0.1 -m owner --uid-owner restricted -j ACCEPT
iptables -A OUTPUT -p all -m owner --uid-owner restricted -j DROP

1 2	iptables -A OUTPUT -d 127.0.0.1 -m owner --uid-owner restricted -j ACCEPT iptables -A OUTPUT -p all -m owner --uid-owner restricted -j DROP

Alternatively it can be done for a specific group (in this case: security)

iptables -A OUTPUT -p all -m owner --gid-owner security -j DROP

1	iptables -A OUTPUT -p all -m owner --gid-owner security -j DROP