[PLUG] Limiting Internet Access in Linux...

Michael Robinson plug_1 at robinson-west.com
Thu Nov 5 05:27:13 UTC 2009


Is there a way to allow squid and postfix and basically system programs,
but not firefox, to head to the Internet?  Apparently, there is
something in iptables that allows blocking by user name...  anyone 
have a recipe that will do the trick?

Firefox plugins are not an option because there is no way at all to
protect them due to the way firefox is designed, ugh!

A server may have X Windows and firefox and in that event be web surfing
capable, but what if you don't want to allow web surfing from the server
itself?

My server needs to allow its web server to be accessed from the Net and
block people on it directly from surfing out at the same time.  It is a
mail server in that it can do smtp to a Net host, but it is not imap or
pop accessible from the Net and shouldn't be.  There is a squid instance
on this server that needs to be able to go out to the Net.

I'm thinking something like:

iptables -m user ... is what I need.
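
The per-user filtering asked about above is done in iptables with the `owner` match (`-m owner --uid-owner`), which works in the OUTPUT chain. The script below is an added example, not part of the original post; the account names `root`, `squid` and `postfix` are assumptions and must be checked against the accounts the daemons really run as.

```shell
#!/bin/sh
# Added example: per-account egress policy for the OUTPUT chain.
# Account names are assumptions; confirm them in /etc/passwd and add
# other daemon accounts that need outbound access.
ALLOWED_USERS="${ALLOWED_USERS:-root squid postfix}"

# Print the rules rather than applying them, so the policy can be
# reviewed first and then piped to "sh" as root.
emit_egress_rules() {
    # Traffic to the loopback interface is left alone.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies on connections that came in from the Net (the web server)
    # and later packets of outbound connections already approved below.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New outbound connections only from sockets owned by these accounts.
    for u in $ALLOWED_USERS; do
        echo "iptables -A OUTPUT -m conntrack --ctstate NEW -m owner --uid-owner $u -j ACCEPT"
    done
    # Anything else, such as a browser started by a login user, is
    # logged with its UID and refused. A browser run as an allowed
    # account (root here) would still pass.
    echo "iptables -A OUTPUT -j LOG --log-prefix 'egress-denied: ' --log-uid"
    echo "iptables -A OUTPUT -j REJECT"
}

# Pre-flight check: list allowed accounts that do not exist on this
# host, since a rule naming an unknown user will fail to load.
missing_accounts() {
    for u in $ALLOWED_USERS; do
        id -u "$u" >/dev/null 2>&1 || printf '%s\n' "$u"
    done
}

# Show the policy for the default account list.
emit_egress_rules
```

Loopback stays open, so squid's own ACLs have to refuse local browser clients, otherwise a login user can still surf through the proxy on the same machine. If the host has IPv6 connectivity, the same rules are needed in ip6tables.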



