From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Hiren Dave"
To: gentoo-user@lists.gentoo.org, VGLUG@googlegroups.com
Date: Tue, 28 Mar 2006 19:44:07 +0530
Subject: [gentoo-user] another iptables question...
List-Id: Gentoo Linux mail

Hi,

I have configured an iptables server on server1 (192.168.0.1/24).
Now I want to allow user root on server1 to be connected to the network
and all other users on server1 will not be able to ping other PCs. So
I did this:
--------------------------------------------------------
#iptables -F
#service iptables stop
#iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
#iptables -A OUTPUT -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            OWNER UID match root
DROP       all  --  anywhere             anywhere
--------------------------------------------------------

Still other users including root can ping other PCs. Why is this not
working?

Also I have some difficulties understanding the Connection Tracking
(NEW, ESTABLISHED, RELATED, INVALID) concept.
Can anyone help me?

Is any practical guide available on the internet for iptables???

TnR,
Hiren
-- 
gentoo-user@gentoo.org mailing list
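Since the question is partly about how NEW/ESTABLISHED/RELATED/INVALID fit together with the owner match, here is an added example (not code from Hiren's post) of a ruleset that uses both; it assumes the standard iptables "state" and "owner" match modules, and its comments note why a setuid ping still matches --uid-owner 0.

```shell
#!/bin/sh
# Added example, not from the original post: an OUTPUT/INPUT ruleset that
# combines the owner match with connection-tracking states. Assumes the
# "state" and "owner" matches are available (standard iptables modules).
# Connection-tracking states as used below:
#   NEW         first packet of a flow conntrack has not seen before
#   ESTABLISHED flow already seen in both directions (replies)
#   RELATED     new flow tied to an existing one (ICMP errors, FTP data)
#   INVALID     packet conntrack cannot associate with any flow
# Caveat on the owner match: ping is normally setuid root, so its raw socket
# is created while the effective uid is 0 and --uid-owner 0 matches every
# user's ping. Restricting ping per user also needs "chmod u-s /bin/ping"
# (this is why the rules in the post let every user ping).

# Emit the rules in load order; nothing is applied until apply_rules runs,
# so the set can be reviewed first.
build_rules() {
    cat <<'EOF'
iptables -F INPUT
iptables -F OUTPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state NEW -m owner --uid-owner 0 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j LOG --log-prefix "OUTPUT denied: "
iptables -P INPUT DROP
iptables -P OUTPUT DROP
EOF
}

# Number of rule lines the generator produces (quick sanity check).
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# Load the rules; each line must succeed or loading stops (needs root).
apply_rules() {
    build_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run it with no argument to review the generated rules, and with "apply" (as root) to load them; denied outbound attempts by non-root users then show up in the kernel log with the "OUTPUT denied:" prefix.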