[LARTC] Restrict access to certain ips.

[LARTC] Restrict access to certain ips.

[Thilo Schulz]

Hello,

I have a machine with several ips. My goal is to only allow access to one ip 
for a certain user. for example 192.168.1.11 may only be used by UID 1001

I have found in the man page for bind following errno numeric:
> EACCES The address is protected, and the user is not the super-user.

Is it possible to restrict access to certain ips to certain uids?

 - Thilo Schulz
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Restrict access to certain ips.

[Martin A. Brown]

Thilo,

Did you ever receive an answer on this question?

Also--a question of clarification....

  Do you mean that only UID 1001 should be allowed to bind to 192.168.1.11
  for outbound packets?

If so, then, why not try this:

  iptables -I OUTPUT -o $OUTDEV -m owner ! --uid-owner 1001 -j DROP

Is that what you wished to accomplish?

-Martin

 : Hello,
 :
 : I have a machine with several ips. My goal is to only allow access to one ip
 : for a certain user. for example 192.168.1.11 may only be used by UID 1001
 :
 : I have found in the man page for bind following errno numeric:
 : > EACCES The address is protected, and the user is not the super-user.
 :
 : Is it possible to restrict access to certain ips to certain uids?
 :
 :  - Thilo Schulz
 : _______________________________________________
 : LARTC mailing list / LARTC@mailman.ds9a.nl
 : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/