Disable internet access for particular user in Ubuntu
First you need to edit the network interfaces file using the following command
sudo vi /etc/network/interfaces
or
sudo gedit /etc/network/interfaces
Now add a simple iptables rule to the interfaces file so that it is applied when the network connection starts up.
Add this line under auto wlan0 or auto eth0 in the interfaces file, replacing username with the account you want to block:
pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP
Save and exit the file.
Now run the same rule in a terminal so that it takes effect in the current session:
sudo iptables -A OUTPUT -p tcp -m owner --uid-owner username -j DROP
Then switch to the user you blocked and try to access the internet.
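The same rule wrapped in a small script, as an added example that is not part of the original post: it checks the user name before calling iptables, avoids loading the rule twice, and removes it again. The TOOLS variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. TOOLS is an assumption: it
# includes ip6tables because iptables rules filter IPv4 only.
TOOLS="${TOOLS:-iptables ip6tables}"

# Print the page's rule for one account, resolving the name to a numeric
# UID first so a mistyped or missing user is rejected before iptables runs.
# As on the page, the rule matches TCP only; UDP and ICMP still pass.
rule_spec() (
    case "$1" in ''|-*) echo "invalid user name: '$1'" >&2; exit 2 ;; esac
    uid=$(id -u "$1" 2>/dev/null) || { echo "no such user: $1" >&2; exit 1; }
    echo "OUTPUT -p tcp -m owner --uid-owner $uid -j DROP"
)

# Load the rule unless an identical one is already present. -C tests for
# it; where -C is unsupported the check fails and the rule is appended.
block_user() {
    spec=$(rule_spec "$1") || return
    for t in $TOOLS; do
        "$t" -C $spec 2>/dev/null || "$t" -A $spec || return
    done
}

# Remove every copy of the rule. -A appends a new copy each time it runs
# (for example whenever pre-up fires), so one -D may not be enough.
unblock_user() {
    spec=$(rule_spec "$1") || return
    for t in $TOOLS; do
        while "$t" -D $spec 2>/dev/null; do :; done
    done
}

# Usage (as root): sh script.sh block USERNAME | unblock USERNAME
case "${1:-}" in
    block)   block_user "${2:-}" ;;
    unblock) unblock_user "${2:-}" ;;
esac
```

Called from the interfaces file, the pre-up line would run this script with block and the user name instead of the raw iptables command; the script's location is yours to choose.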
How would you turn it on again?
Would you add:
pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner username -j ACCEPT
or just delete the original /etc/network/interfaces statement?
What’s pre-up do? Couldn’t find anything on it in Google.
As of yet, I haven’t been successful in getting your original DROP statement to work–and I did change the username variable.
Note: You could also disable the user’s browser permissions but this would have the negative effect of disallowing user access to locally saved web pages. You could also disallow user access to the Internet via the PC firewall such as Firestarter /etc/host/deny for outbound traffic, or at a gateway firewall if the user account was on its own PC.
This does not work. I get an error when I try these instructions. I put the lines in the interfaces file replacing USERNAME with the name of the user I want blocked. Then when I try the terminal command, I get:
sudo: unable to resolve host daddy-desktop
iptables v1.4.0: Bad OWNER UID value ‘-owner’
So instead of having the -owner I took that parameter out, and still get the unable to resolve host message.
Try the following:
Create a new user (desktop-user).
Under user privileges, make sure that access to the ethernet/wireless/modem are disabled.
Open network connections and select the connections that show. Click properties, and uncheck ‘available to all users’.
Log off, then log on to the user in question. They shouldn’t be able to connect.
Note: this disables all LAN connections.
I followed the original instructions and it worked perfectly. Suddenly, it stopped working. Only change is a LinkStation NAS box added to the network. Interfaces file is unchanged, terminal command works for that session only. Any suggestions?
Matthew,
Oddly, what you describe doesn’t work in recent versions of Ubuntu (tried here in 10.4 and 10.10beta). That privileges GUI you mention only puts users in or removes them from the appropriate groups. But Gnome’s Network Manager doesn’t make decisions (anymore) based on these groups, but rather on the basis of PolicyKit, for which there is currently no GUI. It’s a (reported) bug. Your process does remove the connection, but it doesn’t remove the ability of the user to set it up again. Tell me if you found differently.
ubu 12.04
You go to the connection icon as an administrator, and then edit connections, you choose your connection, edit it, and uncheck the available to all users
and voila.