Hi,

I have configured iptables server on server1 (192.168.0.1/24).
Now I want to allow user root on server1 to be connected to network
and all other users on server1 will not be able to ping other PCs. So
I did this:
--------------------------------------------------------
#iptables -F
#service iptables stop
#iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
#iptables -A OUTPUT -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            OWNER UID match root
DROP       all  --  anywhere             anywhere
--------------------------------------------------------

Still other users including root can ping other PCs. Why is this not
working?

Also I have some difficulties understanding Connection Tracking (NEW,
ESTABLISHED, RELATED, INVALID) concept.
Can anyone help me?

Any practical guide available on internet for iptables???

TnR,
Hiren