hi,
i want to regulate local users on our non-firewalled machines:
+ normal, non-system users (uid >= 500) shall not be able to bind to any
port (so that they cannot run file-sharing applications, bypass company
proxies/mailservers and what not);
+ there are certain IP aliases (say: 12.34.56.78 and 12.34.56.79) and of
course 0.0.0.0 that should be able to be bind()-ed by normal users at all.
seeing that iptables now has --*-owner options, is it possible to
achieve this goal with iptables? or do i still have to trap the bind()
(or accept(), or listen()) syscall somehow?
--
dave
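The following is an added example (not part of the original post) showing what the iptables owner match can and cannot do for a policy like the one described. `-m owner` matches only locally generated packets, so it is valid in the OUTPUT (and POSTROUTING) chains; it never sees the bind(), listen() or accept() call itself, and it cannot match INPUT traffic arriving at a socket a user has opened. What it can enforce is egress: everything a non-system user (uid >= 500) originates is dropped unless it goes to the company proxy or mail relay, and because replies from a user-owned listening socket are also locally generated by that uid, they fall under the same DROP, which makes any server a user starts unreachable even though the bind() succeeds. The addresses are the post's own, the proxy port 3128, the uid ceiling 65535 and the `USER_OUT` chain name are assumptions, and the `--uid-owner LOW-HIGH` range syntax needs an xt_owner build that supports ranges (modern iptables does; older 2.x-era releases accepted a single uid only).

```shell
#!/bin/sh
# Added example, not code from the original post.
# Builds (and optionally applies) an egress policy for non-system users using
# the iptables owner match. Owner matching is OUTPUT-only: it restricts what
# a uid may send, it does not prevent a uid from calling bind()/listen().

PROXY_IP="12.34.56.78"   # company HTTP proxy (address from the post)
MAIL_IP="12.34.56.79"    # company mail relay (address from the post)
PROXY_PORT=3128          # assumed proxy port
MIN_USER_UID=500         # first "normal" uid, as in the post
MAX_USER_UID=65535       # assumed upper bound of the normal-user range

# Emit the rule set as text so it can be reviewed before it is applied.
build_rules() {
    cat <<EOF
iptables -N USER_OUT
iptables -A OUTPUT -m owner --uid-owner ${MIN_USER_UID}-${MAX_USER_UID} -j USER_OUT
iptables -A USER_OUT -o lo -j ACCEPT
iptables -A USER_OUT -p tcp -d ${PROXY_IP} --dport ${PROXY_PORT} -j ACCEPT
iptables -A USER_OUT -p tcp -d ${MAIL_IP} --dport 25 -j ACCEPT
iptables -A USER_OUT -j LOG --log-prefix "user-egress-drop: "
iptables -A USER_OUT -j DROP
EOF
}

# Number of iptables commands the policy consists of (quick self-check).
rule_count() {
    build_rules | grep -c '^iptables '
}

# Apply the rules; refuses to run unless invoked as root.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must run as root" >&2
        return 1
    fi
    build_rules | sh
}

# Print the policy when run directly so it can be inspected without root.
build_rules
```

No SYN-ACK or data a user-owned listener sends to a remote client can leave the box under this policy, and each attempt shows up in the kernel log with the `user-egress-drop:` prefix, which gives a detection signal for users running unsanctioned services. Note the absence of a blanket `ESTABLISHED,RELATED` accept in `USER_OUT`: adding one would let a user-run server's replies through and defeat the intent. Restricting the bind() call itself still needs a mechanism outside netfilter, as the post suspects.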