On Thu, Sep 28, 2000 at 11:33:30PM +0500, Abdul Basit wrote:
> Hey
> Is it possible to do user based packet filtering in *nix ?
> Say I need to allow telnet access to all but I want to block port
> 80 (outbound) to some users
> while allowing others?
>
> Something like the packet filter first checks the uid and then applies the
> existing rule?

netfilter (aka iptables) on Linux includes "owner matching", so you may say:

    iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner luser -j REJECT

AFAIK, there are patches against Linux 2.2 for netfilter. Linux 2.4 supports
it natively, but is IMHO not sufficiently stable.
>
> Basit
--
Johannes Kloos
"Is ucd-snmp year thread safe?"
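
Added example, not part of the original message: the owner-match rule from the
reply applied to a list of users, with unresolvable names reported and reruns
kept free of duplicate rules. The function names, the DRY_RUN variable and the
use of -C are choices of this example.

```shell
#!/bin/sh
# Per-user egress blocking with the netfilter owner match (added example).
# The owner match is only valid in OUTPUT and POSTROUTING, i.e. for packets
# generated by local processes; it cannot see forwarded traffic.

# Print the rule spec rejecting outbound TCP to port $2 for sockets owned by
# user $1 (name or numeric UID). Fails if the user does not resolve, so a
# typo is reported instead of silently leaving that user unfiltered.
owner_rule() {
    user=$1 port=$2
    case $user in
        ''|*[!0-9]*) uid=$(id -u "$user" 2>/dev/null) || return 1 ;;
        *) uid=$user ;;
    esac
    echo "OUTPUT -p tcp --dport $port -m owner --uid-owner $uid -j REJECT"
}

# Append one rule per user. DRY_RUN defaults to 1 and only prints commands;
# with DRY_RUN=0 (as root), -C skips rules that are already loaded.
apply_rules() {
    port=$1; shift
    rc=0
    for u in "$@"; do
        if ! rule=$(owner_rule "$u" "$port"); then
            echo "skip: unknown user '$u'" >&2
            rc=1
            continue
        fi
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -A $rule"
        else
            # $rule is deliberately unquoted so it splits into arguments
            iptables -C $rule 2>/dev/null || iptables -A $rule
        fi
    done
    return $rc
}

# Usage: sh block-port.sh 80 luser otheruser
if [ $# -ge 2 ]; then apply_rules "$@"; fi
```

Run it once with the default DRY_RUN=1 to review the generated commands before
loading them with DRY_RUN=0.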