I need to block network access for certain users/groups, fully:
iptables -A mychain -m owner --gid-owner blockedusergroup -j DROP
...drops ping packages in the output chain but lets my user happily
connect to localhost:631 or any other http address. Indeed, the rule above
is therefore pretty useless.
I need to block ALL incoming and outgoing packages for a certain
user/group.
At the moment there is only insufficient blocking for outgoing packages
available.
What will I have to do to implement network access restrictions on a per
user/group basis?
Logging such packages is already possible. Why is blocking them not?
Can anyone help me?
Elmar Stellnberger