On 13/08/2012 15:25, Qian Zhang wrote:
Allow connections to localhost for uid0 then block to anything else
Can you please let me know the logic behind this? Basically, I want to
block any non-root user from accessing the network.
Thanks,
Qian
Sorry, I misread.
The issue is that some services/daemons don't run as root but as normal
system accounts, and by blocking access to all non-root users, you
effectively block these services from working. Further, a lot of local
services/daemons use 127.0.0.1/localhost to connect to, and there isn't
any benefit in blocking access to localhost.
My suggestion is to rather look at ensuring users are all in a certain
group and then use iptables to block that group from accessing the
network outside of localhost.
--
Thank you,
Mark Adrian Coetser
[email protected]
We all live in a state of ambitious poverty.
-- Decimus Junius Juvenalis
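
The group-based approach suggested in the reply above, as an added example that is not part of the original message: a script that builds the rule set using the iptables `owner` match and can print it for review before applying it. The group name `nonet` and the function names `build_rules` and `apply_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Restricted users are assumed to be in a group called
# "nonet" (hypothetical name); root and service accounts stay outside it.

build_rules() {
    group=$1
    # Accept only a plain group name, since the value is placed into
    # command lines that apply_rules later executes as root.
    case $group in
        ''|*[!A-Za-z0-9_-]*)
            echo "invalid group name" >&2
            return 1 ;;
    esac
    for cmd in iptables ip6tables; do
        # Loopback is accepted first, so local daemons reached over
        # 127.0.0.1 / ::1 keep working for everyone.
        echo "$cmd -A OUTPUT -o lo -j ACCEPT"
        # The owner match is only valid for locally generated packets
        # (OUTPUT/POSTROUTING). REJECT gives the user an immediate error
        # instead of a timeout.
        echo "$cmd -A OUTPUT -m owner --gid-owner $group -j REJECT"
    done
}

apply_rules() {
    # Must run as root. Rules are generated first, so nothing is applied
    # if validation of the group name fails.
    rules=$(build_rules "$1") || return 1
    printf '%s\n' "$rules" | sh -e
}

# Dry run: print the rules for review; call apply_rules to install them.
build_rules nonet
```

By default `--gid-owner` compares against the process's own GID, so `nonet` has to be the users' primary group; newer iptables releases provide `--suppl-groups` to also check supplementary groups.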