Linux-Noob Forums
How to block local users ports and ips - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: How to block local users ports and ips (/thread-2966.html)

How to block local users ports and ips - KobrAs - 2004-12-29


Want to block a local user to access a specific port or a specific ip ?

linux-noob.com will help you how to do that :

 

[root@test tmp]# id test

uid=503(test) gid=503(test) groups=503(test)

[root@test tmp]#

(look at uid= and gid=)

 

How to block a local user to access any outside ports ?



Code:
iptables -t filter -A OUTPUT -p tcp --dport 6667 --match owner --uid-owner 503 -j DROP




(you may need to change tcp to udp or icmp and --uid-owner to other uid)

 

How to block a local group to access any outside ports ?

(lets find group 'users' gid by doing grep -i users /etc/group)



Code:
iptables -t filter -A OUTPUT -p tcp --match owner --gid-owner 100 -j DROP




 

For blocking just specific ports just add --dport port or --sport port after -p protocol

 



Code:
iptables -t filter -A OUTPUT -p tcp --dport 6667 --match owner --uid-owner 503 -j DROP




 



Code:
iptables -t filter -A OUTPUT -p tcp --dport 6667 --match owner --gid-owner 100 -j DROP




 

How to block a specific range of ports ?

 



Code:
iptables -t filter -A OUTPUT -p tcp --dport 1:1024 --match owner --uid-owner 503 -j DROP




(you may need to change the range 1:1024 (all ports from 1 to 1024) and the uid)

 

How to block a specific ip destination or source or a specific class (a 256 ips class) on all protocols and ports or to specific port(s)?

 

destination :



Code:
iptables -t filter -A OUTPUT -d 199.9.9.9 --match owner --uid-owner 503 -j DROP




 

source :



Code:
iptables -t filter -A OUTPUT -s 199.9.9.9 --match owner --uid-owner 503 -j DROP




 

full class :



Code:
iptables -t filter -A OUTPUT -d 199.9.9.0/24 --match owner --uid-owner 503 -j DROP






Code:
iptables -t filter -A OUTPUT -s 199.9.9.0/24 --match owner --uid-owner 503 -j DROP




 

specific destination or source specific ports or range :



Code:
iptables -t filter -A OUTPUT -d 199.9.9.0/24 --dport 6667 --match owner --uid-owner 503 -j DROP






Code:
iptables -t filter -A OUTPUT -d 199.9.9.0/24 --dport 1:1024 --match owner --uid-owner 503 -j DROP




 

(you many need to change tcp to udp or icmp and --gid-owner to other gid)

 

(the ips and ports used here are just examples)

 

Thats all for today.

 

Greets goes out to ... linux-noob.com



How to block local users ports and ips - anyweb - 2004-12-29


thanks Kobras great post !

 

pinned !

 

cheers

 

anyweb



How to block local users ports and ips - znx - 2005-07-07

nice, proves the power of iptables