Solved

iptables rules per user or application

Posted on 2009-07-10
1
1,270 Views
Last Modified: 2013-11-16
I want to script some iptables rules only for a specific application like a personal firewall on windows, but the iptables module is not working on multicore CPUs.

Is there another way?

Commands like the following are not working on SMP systems:
iptables -A OUTPUT -m owner --uid-owner 315 -m state --state NEW -j ACCEPT
 
iptables -A OUTPUT -m owner --uid-owner 315 --cmd-owner firefox -p tcp -m multiport \
--dport 80,443 -m state --state NEW -j ACCEPT

Open in new window

0
Comment
Question by:D-CPA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 27

Accepted Solution

by:
Nopius earned 250 total points
ID: 24823464
> Is there another way?

Probably yes, but not with iptables and not with such control grain as with IPtables. You can try to use SELinux network acl features.
http://selinux-symposium.org/2005/presentations/session2/2-2-morris.pdf

Don't ask me, I never tested it :-)
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question