January 9, 2008 · Networking, Security

This is very useful if you want to block internet access for your kids or for particular users.

First you need to edit the network interfaces file using the following command:

sudo vi /etc/network/interfaces

or

sudo gedit /etc/network/interfaces

Now add a simple iptables rule to the interfaces file so that it is applied when the internet connection starts up.

Simply add this under auto wlan0 or auto eth0 in the interfaces file:

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP

Save and exit the file.

Now run the following command in the terminal:

sudo iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP

Then switch to the user you blocked and try to access the internet.
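
The steps above only ever append the rule. The following added example (not code from the original post) prints the same rule for a given user, the matching removal command using `-D`, and a `pre-up`/`post-down` pair for the interfaces file. The function names are made up for this example, and it only prints commands; nothing is executed.

```shell
#!/bin/sh
# Added example (not from the original post): print the article's per-user
# rule and its inverse. Nothing is executed here; run the printed command
# with sudo to apply it.

# rule_spec USER|UID -> rule specification used in the article.
# As in the article, only TCP is matched: UDP and ICMP sent by this user
# are not affected by the rule.
rule_spec() {
    case "$1" in
        ''|*[!0-9]*)
            # A name: resolve it now so a typo fails here, not inside iptables.
            uid=$(id -u "$1" 2>/dev/null) || {
                echo "unknown user: $1" >&2
                return 1
            } ;;
        *) uid=$1 ;;   # already a numeric UID
    esac
    printf '%s\n' "OUTPUT -p tcp -m owner --uid-owner $uid -j DROP"
}

# user_net_cmd block|unblock USER -> the iptables command line.
# -A appends the rule; -D deletes one matching copy of the same rule.
user_net_cmd() {
    case "$1" in
        block)   flag=-A ;;
        unblock) flag=-D ;;
        *) echo "usage: user_net_cmd block|unblock USER" >&2; return 2 ;;
    esac
    spec=$(rule_spec "$2") || return 1
    printf 'iptables %s %s\n' "$flag" "$spec"
}

# interfaces_lines USER -> lines to place in /etc/network/interfaces, where
# the article puts its pre-up line. The post-down line removes the rule
# again, so repeated ifdown/ifup cycles do not stack duplicate copies.
interfaces_lines() {
    spec=$(rule_spec "$1") || return 1
    printf 'pre-up iptables -A %s\npost-down iptables -D %s\n' "$spec" "$spec"
}

# Usage: sh script.sh block alice   (prints the command, does not run it)
if [ "$#" -ge 2 ]; then user_net_cmd "$@"; fi
```

Because `-A` adds a new copy each time it runs, run the `unblock` command once for every copy that was added.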

7 Comments to “Disable internet access for particular user in Ubuntu”

  1. jj says:

    How would you turn it on again?


  2. jj says:

    Would you add:

    pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j ACCEPT

    or just delete the original /etc/network/interfaces statement?

    What’s pre-up do? Couldn’t find anything on it in Google.

    As of yet, I haven’t been successful in getting your original DROP statement to work–and I did change the username variable.

    Note: You could also disable the user’s browser permissions but this would have the negative effect of disallowing user access to locally saved web pages. You could also disallow user access to the Internet via the PC firewall such as Firestarter /etc/host/deny for outbound traffic, or at a gateway firewall if the user account was on its own PC.


  3. CS says:

    This does not work. I get an error when I try these instructions. I put the lines in the interfaces file replacing USERNAME with the name of the user I want blocked. Then when I try the terminal command, I get:
    sudo: unable to resolve host daddy-desktop
    iptables v1.4.0: Bad OWNER UID value ‘-owner’

    So instead of having the -owner I took that parameter out, and still get the unable to resolve host message.


  4. Matthew says:

    Try the following:

    Create a new user (desktop-user).

    Under user privileges, make sure that access to the ethernet/wireless/modem are disabled.

    Open network connections and select the connections that show. Click properties, and uncheck ‘available to all users’.

    Log off, then log on to the user in question. They shouldn’t be able to connect.

    Note: this disables all LAN connections.


  5. Michael says:

    I followed the original instructions and it worked perfectly. Suddenly, it stopped working. Only change is a LinkStation NAS box added to the network. Interfaces file is unchanged, terminal command works for that session only. Any suggestions?


  6. ScoBe says:

    Matthew,

    Oddly, what you describe doesn’t work in recent versions of Ubuntu (tried here in 10.4 and 10.10beta). That privileges GUI you mention only puts users in or removes them from the appropriate groups. But Gnome’s Network Manager doesn’t make decisions (anymore) based on these groups, but rather on the basis of PolicyKit, for which there is currently no GUI. It’s a (reported) bug. Your process does remove the connection, but it doesn’t remove the ability of the user to set it up again. Tell me if you found differently.


  7. pericles says:

    ubu 12.04
    You go to the connection icon as an administrator, and then edit connections; you choose your connection, edit it, and uncheck the “available to all users”

    and voila.
