January 9, 2008 · Networking, Security

This is very useful if you want to block internet access for your kids or for particular users.

First you need to edit the network interfaces file using the following command:

sudo vi /etc/network/interfaces

or

sudo gedit /etc/network/interfaces

Now add a simple iptables rule to the interfaces file so that it is applied when the network connection starts up.

Add this line under auto wlan0 or auto eth0 in the interfaces file, replacing username with the account you want to block:

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP

Save and exit the file.

Now run the following command in the terminal:

sudo iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP

Then switch to the user you blocked and try to access the internet.
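
The add step above, together with the matching removal and a status check, as one idempotent helper. This is an added example, not part of the original post; the function names, the `IPTABLES` override variable and the file name in the last comment are assumptions of the example. It uses the article's rule unchanged, so like that rule it matches TCP only and leaves the user's UDP and ICMP traffic alone.

```shell
#!/bin/sh
# Added example: block, unblock or query outbound TCP for one local user.
# IPTABLES is this example's own override hook (an assumption), so the
# command can be swapped for a stub when testing; default is real iptables.
IPTABLES="${IPTABLES:-iptables}"

# The article's rule, written with a numeric uid instead of a name.
rule_spec() {
    printf '%s' "OUTPUT -p tcp -m owner --uid-owner $1 -j DROP"
}

# user_net block|unblock|status USERNAME   (run as root)
user_net() {
    action=$1
    # Resolve the name first: a typo fails here, before iptables is touched.
    uid=$(id -u "$2" 2>/dev/null) || { echo "no such user: $2" >&2; return 2; }
    spec=$(rule_spec "$uid")    # left unquoted below so it splits into args
    case $action in
        block)
            # -C tests for an existing rule, so repeated runs (pre-up plus
            # a manual call) do not stack duplicate DROP rules.
            $IPTABLES -C $spec 2>/dev/null || $IPTABLES -A $spec ;;
        unblock)
            # -D deletes one copy per call; loop until none is left.
            while $IPTABLES -C $spec 2>/dev/null; do
                $IPTABLES -D $spec || return 1
            done ;;
        status)
            if $IPTABLES -C $spec 2>/dev/null; then
                echo blocked
            else
                echo allowed
            fi ;;
        *)
            echo "usage: user_net block|unblock|status USERNAME" >&2
            return 64 ;;
    esac
}

# Run directly (hypothetical file name): sudo sh user_net.sh block username
if [ "$#" -eq 2 ]; then user_net "$@"; fi
```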


5 Comments to “Disable internet access for particular user in Ubuntu”

  1. jj says:

    How would you turn it on again?

  2. jj says:

    Would you add:

    pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j ACCEPT

    or just delete the original /etc/network/interfaces statement?

    What’s pre-up do? Couldn’t find anything on it in Google.

    As of yet, I haven’t been successful in getting your original DROP statement to work--and I did change the username variable.

    Note: You could also disable the user’s browser permissions but this would have the negative effect of disallowing user access to locally saved web pages. You could also disallow user access to the Internet via the PC firewall such as Firestarter /etc/host/deny for outbound traffic, or at a gateway firewall if the user account was on its own PC.

  3. CS says:

    This does not work. I get an error when I try these instructions. I put the lines in the interfaces file replacing USERNAME with the name of the user I want blocked. Then when I try the terminal command, I get:
    sudo: unable to resolve host daddy-desktop
    iptables v1.4.0: Bad OWNER UID value ‘-owner’

    So instead of having the -owner I took that parameter out, and still get the unable to resolve host message.

  4. Matthew says:

    Try the following:

    Create a new user (desktop-user).

    Under user privileges, make sure that access to the ethernet/wireless/modem are disabled.

    Open network connections and select the connections that show. Click properties, and uncheck ‘available to all users’.

    Log off, then log on to the user in question. They shouldn’t be able to connect.

    Note: this disables all LAN connections.

  5. Michael says:

    I followed the original instructions and it worked perfectly. Suddenly, it stopped working. Only change is a LinkStation NAS box added to the network. Interfaces file is unchanged, terminal command works for that session only. Any suggestions?
