Block a user from accessing internet on Linux


And then I do ssh myhost.somewhere.onthe.internet.example.com -D 12345, point my browser to use SOCKS proxy localhost:12345, and on I go on my merry way.

In other words, blacklisting specific ports is not sufficient; you may want to block all network access:

iptables -A OUTPUT -m owner --uid-owner $USERNAME -j DROP

Note that there may be a need to access certain network resources (e.g. local network shares), so you may need to whitelist those (or perhaps whitelist the local network block).
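A fuller version of the rule in this answer, as an added example that is not part of the original answer: a small POSIX shell script that emits the iptables and ip6tables commands for one user, allowing loopback and one local network block and rejecting everything else that user's processes send. The user name alice, the LAN block 192.168.1.0/24, the chain naming scheme and the decision to allow no IPv6 beyond loopback are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original answer. Builds a per-user egress
# policy with the iptables owner match: loopback and one LAN block are allowed,
# everything else the user's processes send is rejected. The user name, the
# LAN block and the chain naming scheme are assumptions for illustration.

# Print the iptables/ip6tables commands for one user (does not run them).
#   $1  user name                 (e.g. alice)
#   $2  IPv4 LAN block to allow   (e.g. 192.168.1.0/24)
# The output is meant to be reviewed and then piped to "sudo sh".
user_egress_rules() {
    user="$1"
    lan="$2"
    chain="USER_${user}_OUT"      # iptables chain names are limited to 28 characters

    cat <<EOF
# --- IPv4: dedicated chain so the policy can be flushed without touching OUTPUT ---
iptables -N ${chain} 2>/dev/null || true
iptables -F ${chain}
iptables -A ${chain} -o lo -j RETURN
iptables -A ${chain} -d ${lan} -j RETURN
iptables -A ${chain} -j REJECT --reject-with icmp-admin-prohibited
# insert at position 1 so an earlier blanket ACCEPT in OUTPUT cannot shadow it (idempotent via -C)
iptables -C OUTPUT -m owner --uid-owner ${user} -j ${chain} 2>/dev/null || iptables -I OUTPUT 1 -m owner --uid-owner ${user} -j ${chain}
# --- IPv6 (assumption: the user needs no IPv6 LAN access, so only loopback is allowed) ---
ip6tables -N ${chain} 2>/dev/null || true
ip6tables -F ${chain}
ip6tables -A ${chain} -o lo -j RETURN
ip6tables -A ${chain} -j REJECT --reject-with icmp6-adm-prohibited
ip6tables -C OUTPUT -m owner --uid-owner ${user} -j ${chain} 2>/dev/null || ip6tables -I OUTPUT 1 -m owner --uid-owner ${user} -j ${chain}
EOF
}

# Usage: ./user_egress.sh alice 192.168.1.0/24 | sudo sh
if [ $# -ge 2 ]; then
    user_egress_rules "$1" "$2"
fi
```

A few points a practitioner would check before relying on this. The owner match only sees locally generated packets that belong to a socket, which is why it lives in OUTPUT; kernel-generated traffic such as ICMP errors or neighbour discovery has no owning uid and is not affected. Because the user's chain does not exempt ESTABLISHED connections, every packet of an already open session is checked too, so an SSH SOCKS tunnel that was started before the rules were loaded dies as well. REJECT rather than DROP makes the user's programs fail immediately instead of hanging until a timeout, which also makes the policy easier to test. Without the ip6tables half the user could simply use IPv6 to reach the internet. Finally, these rules are not persistent across reboots; save them with iptables-save or your distribution's persistence mechanism.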


Author: Christoph Rüegg

Updated on September 17, 2022

Comments

  • Christoph Rüegg (over 1 year ago)

    How do I block a user from accessing the internet under Linux?

    I'm trying the following:

    iptables -A OUTPUT -p tcp --dport 80,443 -m owner --uid-owner $USERNAME -j DROP

    Is that the right syntax or command?

    • xenoterracide (about 14 years ago)
      Not being familiar with -m owner, you could probably just remove -p tcp --dport 80,443 and prevent ALL TCP/IP access.
    • iglvzx (over 12 years ago)
      If you have control over their access point (e.g. router), you could block their computer's physical addresses and whatnot.
    • killermist (almost 12 years ago)
      @iglvzx That would block the whole machine, and not a specific user, which is what it looks like was being asked.
  • geek (about 14 years ago)
    This is correct only for web servers running on standard ports. This is the case for most web servers, but generally a web server can listen on any port. So it's possible for that user to set up a remote web server running on a non-standard port, host a CGI proxy web script there and browse the Internet over it.
  • alper (over 2 years ago)
    How can I whitelist the local network block?