On Thu, 28 Sep 2000, Johannes Kloos wrote:
> On Thu, Sep 28, 2000 at 11:33:30PM +0500, Abdul Basit wrote:
> > Hey
> > Is it possible to do user-based packet filtering in *nix?
> > Say I need to allow telnet access to all, but I want to block port
> > 80 (outbound) for some users
> > while allowing others?
> >
> > Something like: the packet filter first checks the uid and then applies the
> > existing rule?
>
> netfilter (aka iptables) on Linux includes "owner matching", so you may say:
>
> iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner luser -j REJECT
>
> AFAIK, there are patches against Linux 2.2 for netfilter. Linux 2.4 supports
> it natively, but is IMHO not sufficiently stable.
>
How well does a 2.2.x kernel run with such patches for the ipfilter
package? Does this kernel and the patches/package seem pretty stable?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
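
The owner-match rule from the quoted reply, generalized to a list of users, as an added example that is not part of the original thread. The function name `owner_rules` and the choice to print the commands for review instead of applying them are assumptions of this example; it also emits the same rule for `ip6tables`, which goes beyond the single IPv4 rule quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): print owner-match rules for review.
# owner_rules PORT USER...   USER is a login name or a numeric uid.
owner_rules() {
    port=$1
    shift
    # Port must be an integer in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    for u in "$@"; do
        case $u in
            ''|-*) echo "bad user: $u" >&2; return 2 ;;
            *[!0-9]*)
                # Resolve the name now so the rule shows the uid that is matched.
                uid=$(id -u "$u" 2>/dev/null) || {
                    echo "unknown user: $u" >&2; return 1
                } ;;
            *) uid=$u ;;
        esac
        # The owner match only sees locally generated packets, so the rule
        # goes in OUTPUT. ip6tables gets the same rule so that IPv6 is not
        # left as a way around the block.
        for cmd in iptables ip6tables; do
            printf '%s -A OUTPUT -p tcp --dport %s -m owner --uid-owner %s -j REJECT --reject-with tcp-reset\n' \
                "$cmd" "$port" "$uid"
        done
    done
}

# Dry run: prints the commands; nothing is applied.
if [ "$#" -gt 0 ]; then
    owner_rules "$@"
fi
```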