Re: iptables: blocking network access for certain UIDs gives error.

Sorry,

you can check this out
http://web.mit.edu/rhel-doc/3/rhel-sg-es-3/s1-fireall-ipt-act.html
regards,

Guillermo.

On 7/17/06, Guillermo Garron <guillermo.fedora@xxxxxxxxx> wrote:

To save your current values so that iptables starts with them next time, use

/sbin/service iptables save
instead of
iptables --save
(I don't know why the first one works and the second doesn't.)
regards,

Guillermo.

On 7/17/06, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
>
> On Mon, 2006-07-17 at 08:36 +0200, kmartin wrote:
> > i need to block internet access for a couple UIDs. found and a bit of
> > an older thread on this site
> > [url=http://fcp.homelinux.org/modules/newbb/viewtopic.php?topic_id=23058]here[/url].
> > this is basically what i want to do too but i'm using FC4 and the original
> > post refers to FC3 - not sure if that has anything to do with it. so i'm
> > executing:
> >
> > [b] iptables -D OUTPUT -m owner --uid-owner 502 --jump DROP[/b]
> > but i keep getting: [b]"Bad rule (does a matching rule exist in that
> > chain?)" [/b]
>
> You can only delete a rule that already exists. That's what the -D
> option does. Are you hoping to add that rule, and just half copied some
> other example?
>
> For newcomers, I'd suggest using the un-abbreviated options, until
> you're familiar with iptables. It's more explanatory.
>
> e.g. iptables --append OUTPUT --match owner --uid-owner 502 --jump DROP
>
> That appends a rule to the output filtering (outgoing connection), the
> rule will match something using the owner module, and that owner module
> is concerned with uid 502, the target of the rule is to DROP the
> packets.
>
> As you're making an outgoing rule, where the foolish notion of
> "stealthing" is a complete waste of time, I wouldn't DROP the packet
> (which will keep the other end waiting for a timeout), I'd REJECT the
> packet. It still stops them from connecting, but instantly tells them
> it isn't going to work. Hint: use REJECT rather than DROP to do this.
>
> > here is the output of [font=Verdana]iptables --list[/font]:
>
> It'd be a lot better to read without the [pseudo] HTML.
>
> --
> (Currently running FC4, occasionally trying FC5.)
>
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>


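The advice in the replies above, collected into one script as an added example (this is not code from the thread, from Fedora, or from the iptables project): the rule is appended with the long option names Tim suggests, uses REJECT rather than DROP for outgoing traffic, is checked for with iptables --check before any --delete so the "Bad rule (does a matching rule exist in that chain?)" error from the original post cannot occur, and is persisted with /sbin/service iptables save as Guillermo suggests. Assumptions: an iptables that has the --check option (added in 1.4.11, i.e. newer than the FC4 era), root privileges for anything but DRY_RUN=1, and the RHEL/Fedora "service iptables" init script. For the record, "iptables --save" fails because saving is a separate program, iptables-save, which prints the rule set to stdout; the init script wraps it and writes /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not from the thread: block outbound traffic for one UID.
# The owner match only works in the OUTPUT (and POSTROUTING) chain, because
# only locally generated packets have an owning process.
# Assumes: iptables with --check (1.4.11+), root unless DRY_RUN=1, and the
# RHEL/Fedora "service iptables save" init script for persistence.

IPTABLES="${IPTABLES:-/sbin/iptables}"

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Refuse anything but a numeric UID (keeps stray text out of the rule).
check_uid() {
    case "$1" in
        ''|*[!0-9]*) echo "need a numeric UID, got '$1'" >&2; return 2 ;;
    esac
}

# One rule specification shared by append, check and delete, so the three
# always agree. REJECT instead of DROP: the blocked process gets an
# immediate error instead of hanging until a timeout.
uid_rule_spec() {
    echo "OUTPUT --match owner --uid-owner $1 --jump REJECT"
}

# True when this exact rule is already in the OUTPUT chain.
rule_exists() {
    "$IPTABLES" --check $(uid_rule_spec "$1") 2>/dev/null
}

block_uid() {
    check_uid "$1" || return 2
    # Skip the append when the rule is already there (no duplicate rules).
    if [ "${DRY_RUN:-0}" != "1" ] && rule_exists "$1"; then
        echo "rule for uid $1 already present" >&2
        return 0
    fi
    run "$IPTABLES" --append $(uid_rule_spec "$1")
}

# Deleting a rule that is not there is what produced "Bad rule (does a
# matching rule exist in that chain?)" in the original post, so check first.
unblock_uid() {
    check_uid "$1" || return 2
    if [ "${DRY_RUN:-0}" != "1" ] && ! rule_exists "$1"; then
        echo "no rule for uid $1 in OUTPUT" >&2
        return 1
    fi
    run "$IPTABLES" --delete $(uid_rule_spec "$1")
}

# Persist the running rule set (RHEL/Fedora init script; it writes
# /etc/sysconfig/iptables, which is loaded again at boot).
save_rules() {
    run /sbin/service iptables save
}

# Usage, as root:   block_uid 502 && save_rules
# Later, to lift it: unblock_uid 502 && save_rules
```

Running the same rule specification through --check before --append and --delete is what makes the script safe to re-run: a second block_uid is a no-op, and unblock_uid reports a missing rule instead of letting iptables emit the "Bad rule" message. With DRY_RUN=1 every iptables and service invocation is printed instead of executed, which is a convenient way to review the exact rule before applying it on a machine that matters.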