[PLUG] Limiting Internet Access in Linux...

drew wymore drew.wymore at gmail.com
Thu Nov 5 05:33:59 UTC 2009


On Wed, Nov 4, 2009 at 9:27 PM, Michael Robinson <plug_1 at robinson-west.com> wrote:

> Is there a way to allow squid and postfix and basically system programs,
> but not firefox, to head to the Internet?  Apparently, there is
> something in iptables that allows blocking by user name...  anyone
> have a recipe that will do the trick?
>
> Firefox plugins are not an option because there is no way at all to
> protect them due to the way firefox is designed, ugh!
>
> A server may have X Windows and firefox and in that event be web surfing
> capable, but what if you don't want to allow web surfing from the server
> itself?
>
> My server needs to allow its web server to be accessed from the Net and
> block people on it directly from surfing out at the same time.  It is a
> mail server in that it can do smtp to a Net host, but it is not imap or
> pop accessible from the Net and shouldn't be.  There is a squid instance
> on this server that needs to be able to go out to the Net.
>
> I'm thinking something like:
>
> iptables -m user ... is what I need.
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

Why not just block outgoing port 80 and 443 requests? Problem solved.
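
An added example, not part of either post: it combines the port block suggested in the reply with the per-user matching the question asks about, using the iptables `owner` match (`-m owner --uid-owner`). The account name `squid`, the chain name `EGRESS_WEB` and the function name `egress_rules` are assumptions. The script only prints the rules so they can be reviewed before being applied as root.

```sh
#!/bin/sh
# Added example: prints (does not apply) an OUTPUT policy that refuses
# outbound web traffic from the server except for named service accounts.

# Assumed account name; some distributions run squid as "proxy" instead.
ALLOWED_USERS="squid"
# Ports named in the reply. SMTP (port 25) is not matched, so postfix
# delivery to Internet hosts is left untouched by these rules.
WEB_PORTS="80,443"

egress_rules() {
    # Dedicated chain (name is an assumption) so the policy can be
    # flushed or replaced without disturbing other OUTPUT rules.
    echo "iptables -N EGRESS_WEB"
    # OUTPUT only sees locally generated packets, so inbound access to
    # the server's own web server is not affected.
    echo "iptables -A OUTPUT -p tcp -m multiport --dports $WEB_PORTS -j EGRESS_WEB"
    for u in $ALLOWED_USERS; do
        # The owner match compares the UID of the socket's owning process.
        echo "iptables -A EGRESS_WEB -m owner --uid-owner $u -j ACCEPT"
    done
    # Everything else, such as a browser run by a login user, is logged
    # with its UID and then refused with a TCP reset.
    echo "iptables -A EGRESS_WEB -j LOG --log-prefix 'EGRESS_WEB deny: ' --log-uid"
    echo "iptables -A EGRESS_WEB -j REJECT --reject-with tcp-reset"
}

# Review the output first, then apply with: sh thisfile | sh   (as root)
egress_rules
```

A local user can still browse by pointing the browser at squid's own listening port, so squid's ACLs have to refuse requests from the server itself for the block to hold.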


