Anshuman Aggarwal
2012-Mar-20 03:03 UTC
Block users from connecting to listening ports of other users
Hi,

Is there a Shorewall rule (or iptables fallback) that will allow blocking a user from connecting to the listening ports of another user on the firewalled machine itself?

I've successfully blocked a user from connecting to any local ports on the firewall itself using but I want the user to be able to connect to listening processes started by itself.

Thanks for any help and thoughts on this,
- Anshuman
Tom Eastep
2012-Mar-20 04:33 UTC
Re: Block users from connecting to listening ports of other users
On 03/19/2012 08:03 PM, Anshuman Aggarwal wrote:
> Hi,
> Is there a Shorewall rule (or iptables fallback) that will allow blocking
> a user from connecting to the listening ports of another user on the
> firewalled machine itself?
>
> I've successfully blocked a user from connecting to any local ports on
> the firewall itself using but I want the user to be able to connect to
> listening processes started by itself.

Netfilter provides no facility for that type of blocking.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Ed W
2012-Mar-20 14:41 UTC
Re: Block users from connecting to listening ports of other users
On 20/03/2012 04:33, Tom Eastep wrote:
> On 03/19/2012 08:03 PM, Anshuman Aggarwal wrote:
>> Hi,
>> Is there a Shorewall rule (or iptables fallback) that will allow blocking
>> a user from connecting to the listening ports of another user on the
>> firewalled machine itself?
>>
>> I've successfully blocked a user from connecting to any local ports on
>> the firewall itself using but I want the user to be able to connect to
>> listening processes started by itself.
> Netfilter provides no facility for that type of blocking.
>
> -Tom
>

However, if you can code, you could look at the netfilter "owner" module and perhaps modify it to target the destination?

Good luck

Ed W