| 1 |
Hi, |
| 2 |
|
| 3 |
I have configured iptables server on server1 (192.168.0.1/24). |
| 4 |
Now I want to allow user root on server1 to be connected to network |
| 5 |
and all other users on server1 will not be able to ping other PCs. So |
| 6 |
I did this: |
| 7 |
-------------------------------------------------------- |
| 8 |
#iptables -F |
| 9 |
#service iptables stop |
| 10 |
#iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT |
| 11 |
#iptables -A OUTPUT -j DROP |
| 12 |
#iptables -L |
| 13 |
Chain INPUT (policy ACCEPT) |
| 14 |
target prot opt source destination |
| 15 |
|
| 16 |
Chain FORWARD (policy ACCEPT) |
| 17 |
target prot opt source destination |
| 18 |
|
| 19 |
Chain OUTPUT (policy ACCEPT) |
| 20 |
target prot opt source destination |
| 21 |
ACCEPT all -- anywhere anywhere OWNER UID match root |
| 22 |
DROP all -- anywhere anywhere |
| 23 |
-------------------------------------------------------- |
| 24 |
|
| 25 |
Still other users including root can ping other PCs. Why is this not |
| 26 |
working? |
| 27 |
|
| 28 |
Also I have some diffulties understanding Connection Tracking(NEW, |
| 29 |
ESTABLISHED, RELATED, INVALID) concept. |
| 30 |
Can any one help me? |
| 31 |
|
| 32 |
Any practical guide available on internet for iptables??? |
| 33 |
|
| 34 |
TnR, |
| 35 |
Hiren |
Archives