- It looks like the owner iptables module is what you want. First, check whether it's available on your system:
- iptables -m owner --help
- You can read more here: http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH
- Owner only allows you to match on the user or group that owns the process, not the process name itself. (The cmd-owner flag appears to have been removed). – Mike Lundy Jun 1 '12 at 22:10
- @MikeLundy: Add a group to your system (I use nonet myself), then add a rule to your OUTPUT chain like this: -A OUTPUT -m owner --gid-owner nonet -j REJECT --reject-with icmp-net-unreachable. Then run the program that you know in advance you want to block with sg (sg nonet "your_prog your_args").
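A shell version of the group-based approach described in the comment above, added here as an example rather than code from the answer. It assumes the group name nonet, root privileges for the groupadd/iptables calls, and that sg (from the shadow utilities) is installed.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes: group "nonet",
# root for groupadd/iptables, and that `sg` is available.

# Build the rule arguments for the OUTPUT chain: reject every packet whose
# sending socket belongs to the given group. The owner match compares the
# socket's primary (effective) group id, which is why the blocked program is
# started through `sg` so that this group becomes its primary group.
nonet_rule_args() {
  printf 'OUTPUT -m owner --gid-owner %s -j REJECT --reject-with icmp-net-unreachable' "$1"
}

# Install the rule idempotently: `iptables -C` checks whether an identical
# rule already exists, `iptables -I` inserts it at the top of OUTPUT so that
# a later ACCEPT rule cannot shadow it. Requires root.
nonet_install() {
  group="$1"
  getent group "$group" >/dev/null 2>&1 || groupadd "$group"
  # shellcheck disable=SC2046  (word splitting of the rule string is intended)
  iptables -C $(nonet_rule_args "$group") 2>/dev/null \
    || iptables -I $(nonet_rule_args "$group")
}

# Run a command with the blocked group as its primary group, equivalent to
# the comment's `sg nonet "your_prog your_args"`.
nonet_run() {
  group="$1"; shift
  sg "$group" -c "$*"
}

# Show the rule with its packet counters so a defender can confirm that
# connection attempts from the blocked group are actually being rejected.
nonet_status() {
  iptables -L OUTPUT -v -n --line-numbers | grep -- "owner GID match" || true
}

# Usage (as root):
#   nonet_install nonet
#   nonet_run nonet curl -m 5 http://example.invalid/   # expected to fail
#   nonet_status
```

The rejected program sees "Network is unreachable" immediately rather than a hanging connect, which is what --reject-with icmp-net-unreachable buys over DROP.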