iptables: blocking network access for certain UIDs gives error.
kmartin
no-reply-gw at fcp.homelinux.org
Mon Jul 17 06:36:51 UTC 2006
hi. i've never posted/registered here before but have lurked for quite a while.
i need to block internet access for a couple of UIDs. found a somewhat older thread on this site here: http://fcp.homelinux.org/modules/newbb/viewtopic.php?topic_id=23058. this is basically what i want to do too, but i'm using FC4 and the original post refers to FC3 - not sure if that has anything to do with it. so i'm executing:
    iptables -D OUTPUT -m owner --uid-owner 502 --jump DROP
but i keep getting: "Bad rule (does a matching rule exist in that chain?)"
here is the output of iptables --list:
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere icmp any
> ACCEPT ipv6-crypt-- anywhere anywhere
> ACCEPT ipv6-auth-- anywhere anywhere
> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
> ACCEPT udp -- anywhere anywhere udp dpt:ipp
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
i checked in ntsysv and iptables is selected to run at startup. just for the heck of it, i ran iptables-save. the command does update my /etc/sysconfig/iptables file, stating the current date and time for last modified, but adds nothing to the file. i have not modified iptables.config in any way. do either of the NetworkManager or NetworkManagerDispatcher services need to be running for this?
i'm sure lots of people are already doing this. any help would be greatly appreciated!!!
--
This is an email sent via the webforum on http://fcp.homelinux.org
http://fcp.homelinux.org/modules/newbb/viewtopic.php?post_id=100170&topic_id=23936&forum=23#forumpost100170
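As an added example (not the poster's command and not part of the original thread), the following POSIX sh helpers show the owner-match rule the post is after in its working form: `-A` adds the rule, `-C` tests whether it is already present, and `-D` is only for removing a rule that exists, which is why running `-D` first produces "Bad rule (does a matching rule exist in that chain?)". It assumes a Fedora-style layout where persistent rules live in `/etc/sysconfig/iptables` in `iptables-save` format; the function names and the `DRY_RUN`/`IPTABLES` variables are this example's own, not iptables options.

```shell
#!/bin/sh
# Added example: block outbound traffic for one numeric UID with the iptables
# owner match. Helper names, DRY_RUN and IPTABLES are assumptions of this
# example, not part of iptables itself.
#
# The owner match identifies the sending process, so it is only valid in the
# OUTPUT chain (and POSTROUTING); locally generated packets are the only ones
# whose owning UID the kernel knows.

IPTABLES="${IPTABLES:-iptables}"   # binary to invoke
DRY_RUN="${DRY_RUN:-0}"            # 1 = print commands instead of running them

# Print the rule specification (chain, match, target) for one UID.
# Rejects non-numeric input so a typo cannot silently match nothing.
uid_block_rule() {
    uid="$1"
    case "$uid" in
        ''|*[!0-9]*)
            echo "uid_block_rule: numeric UID required, got '$uid'" >&2
            return 1 ;;
    esac
    echo "OUTPUT -m owner --uid-owner $uid -j DROP"
}

# Run an iptables command, or print it in dry-run mode.
run_iptables() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Add the block for a UID unless it is already present. -C (check) returns 0
# when a matching rule exists; -A appends otherwise. $spec is deliberately
# unquoted so it splits into separate arguments.
ensure_uid_block() {
    spec=$(uid_block_rule "$1") || return 1
    # In dry-run mode -C cannot be evaluated, so assume the rule is absent.
    if [ "$DRY_RUN" != 1 ] && "$IPTABLES" -C $spec 2>/dev/null; then
        return 0
    fi
    run_iptables -A $spec
}

# Remove the block. -D is correct here because the rule was added earlier;
# used on a chain that never had the rule it yields the "Bad rule" error.
remove_uid_block() {
    spec=$(uid_block_rule "$1") || return 1
    run_iptables -D $spec
}

# The line this rule takes in /etc/sysconfig/iptables (iptables-save format)
# so it survives a reboot. Note that iptables-save itself only writes the
# running ruleset to stdout; on Fedora "service iptables save" stores it in
# that file, or redirect the output there yourself.
sysconfig_uid_block_line() {
    spec=$(uid_block_rule "$1") || return 1
    echo "-A $spec"
}

# Usage as root:   ensure_uid_block 502
# Preview only:    DRY_RUN=1 ensure_uid_block 502
```

With `DRY_RUN=1` the helpers print the exact `iptables` invocation they would run, which is a convenient way to confirm the rule text before touching a live firewall; afterwards `iptables -L OUTPUT -v -n` should list the DROP rule under the OUTPUT chain, which in the posted listing is empty.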