Re: Help: Can I customize my firewall per user?
From: Hawk Eye (sunbed_at_rocketmail.com)
Date: Wed, 15 Oct 2003 23:57:58 +0100
On 15/10/03 19:34 Jean-David Beyer stumbled up to the bar and slurred..
> Michael Badt wrote:
>> Hi, I use MDK 9.1 with the Shorewall firewall configured to reject any
>> incoming communication from the Internet. As my son wants to use a
>> peer-to-peer application (mlDonkey) I'll have to add some rule to
>> allow (only) that specific incoming communication.
>> In order to maintain max security I have created a separate user,
>> named "Joe", and intend to run mlDonkey while Joe is the only user
>> logged on. Is there a simple way to modify Shorewall's rule file while
>> Joe logs on and restore it while he logs off?
>> Thanks in advance.
> You should be able to use iptables to control outgoing packets depending
> on the user ID, the group ID, the process ID, and the session ID of the
> process that created the packet. See the following flags:
> -m owner
> I am not familiar with Shorewall's rule file, but iptables has the basic
Try GuardDog; it has a user section in the firewall that the user controls. That
should show you the basics or you could configure for each user and then lock
out the interface.
-- Regards Neil
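
The owner match mentioned in the quoted reply, as an added example that is not part of the original thread: a shell function that prints (but does not apply) iptables commands limiting new outbound connections on one port to one account. The function name, the account and the port are assumptions; the owner match only sees locally generated packets, so the inbound rule cannot be tied to a user.

```shell
#!/bin/sh
# Added example (not from the thread): print per-user egress rules built on
# the iptables owner match. Account and port are supplied by the caller;
# the values in the usage line at the bottom are placeholders.

# owner_rules USER PORT
# Prints iptables commands for review; returns 1 on invalid input.
owner_rules() {
    user=$1
    port=$2

    # Accept only plain account names and decimal ports, so nothing
    # unexpected ends up inside a command that later runs as root.
    case $user in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case $port in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] || return 1

    # Resolve the name to a UID here so that an unknown account fails
    # before any rule is emitted.
    uid=$(id -u "$user" 2>/dev/null) || return 1

    # New outbound TCP connections to PORT: allowed for this UID only.
    # The owner match is usable in OUTPUT (and POSTROUTING) because only
    # locally generated packets have an owning socket.
    echo "iptables -A OUTPUT -p tcp --dport $port -m state --state NEW -m owner --uid-owner $uid -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport $port -m state --state NEW -j REJECT"

    # Inbound packets have no local owner, so this rule cannot be tied
    # to the account; it is open for as long as it is loaded.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
}

# Usage (placeholder values): owner_rules joe 40000
```

Because the inbound rule is not per-user, loading and removing it around the account's session still has to be handled separately, which is what the original question asks about.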