Re: iptables: blocking network access for certain UIDs gives error.

On Mon, 2006-07-17 at 08:36 +0200, kmartin wrote:
> hi. i've never posted/reg here before but have lurked for quite awhile.
> 
> i need to block internet access for a couple UIDs. found a bit of an older thread on this site here: http://fcp.homelinux.org/modules/newbb/viewtopic.php?topic_id=23058 . this is basically what i want to do too but i'm using FC4 and the original post refers to FC3 - not sure if that has anything to do with it. so i'm executing: 
> 
> iptables -D OUTPUT -m owner --uid-owner 502 --jump DROP
> but i keep getting: "Bad rule (does a matching rule exist in that chain?)"
> 
That command is trying to delete a rule in the OUTPUT chain that does
not exist by default.

You can look back at several threads on the archive, some dealt with
exactly what you are asking.

Also do a bit of reading on iptables (the man page is a good very basic
start on the nuts and bolts of it). Then after you understand the
commands ask again.


> here is the output of iptables --list:
> 
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > 
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > 
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > 
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     ipv6-crypt--  anywhere             anywhere
> > ACCEPT     ipv6-auth--  anywhere             anywhere
> > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> 
> 
> i checked in ntsysv and iptables is selected to run at startup. just for the heck of it, i ran iptables--save. the command does update my /etc/sysconfig/iptables file stating current date and time for last modified but adds nothing to the file. i have not modified iptables.config in any way. do either/or NetworkManager or NetworkManagerDispatcher services need to be running for this?
> 
> i'm sure lots of people are already doing this. any help would be greatly appreciated!!!
> 
> 
> 
> -- 
> This is an email sent via the webforum on http://fcp.homelinux.org
> http://fcp.homelinux.org/modules/newbb/viewtopic.php?post_id=100170&topic_id=23936&forum=23#forumpost100170
> 

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
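
The distinction the reply points at, as an added example that is not part of the original thread: `-D` deletes a rule that must already exist, while `-A` appends one, so these helpers check with `-C` before doing either. The function names and the `IPT` variable are assumptions made for illustration, and `-C` needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example, not from the thread. Define the functions, then run as root:
#   block_uid 502      unblock_uid 502
# IPT is an assumption: it lets the command be replaced by a stub for testing.
IPT="${IPT:-iptables}"

# Succeeds only if the exact owner-match DROP rule for UID $1 is in OUTPUT.
# The owner match is valid for locally generated packets (OUTPUT/POSTROUTING).
uid_rule_exists() {
    $IPT -C OUTPUT -m owner --uid-owner "$1" -j DROP 2>/dev/null
}

# Append the rule only when it is missing, so reruns do not stack duplicates.
block_uid() {
    if uid_rule_exists "$1"; then
        echo "uid $1: already blocked"
    else
        $IPT -A OUTPUT -m owner --uid-owner "$1" -j DROP &&
            echo "uid $1: blocked"
    fi
}

# Delete the rule only when it is present. Running -D against a rule that is
# not in the chain is what yields
# "Bad rule (does a matching rule exist in that chain?)".
unblock_uid() {
    if uid_rule_exists "$1"; then
        $IPT -D OUTPUT -m owner --uid-owner "$1" -j DROP &&
            echo "uid $1: unblocked"
    else
        echo "uid $1: no rule to delete"
    fi
}
```

Rules added this way live only in the running kernel until they are written to the saved ruleset.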