[Firehol-support] Blocking outgoing on user
marcus at quintic.co.uk
Tue May 3 11:18:17 BST 2005
Currently at the end of my server firehol script I have:
client all accept
Not good. So what I'm doing is gradually moving away from this and
blocking outgoing services based on the user. The first thing I tried was:
client all accept user not www-data
... which I hoped would block outgoing connections by the apache user,
which in turn should stop/hinder the kiddies downloading their toys.
Unfortunately this produces errors, as does:
client all accept uid not 33
The errors are (1-5 are pretty much the same):
> ERROR : # 1.
> WHAT : A runtime command failed to execute (returned error 1).
> SOURCE : line 31 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_internet_all_c13.1 -m owner --uid-owner 33 -j RETURN
> OUTPUT :
> iptables: No chain/target/match by that name
Do I need something enabled in the kernel for this? This is firehol
v1.231-1 (debian package versioning).
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK
More information about the Firehol-support