Opened 15 years ago
Closed 14 years ago
#52 closed enhancement (wontfix)
Block traffic for a particular user
|Reported by:||dvanmosselbeen||Owned by:||Victor Julien|
The idea is to block some traffic for a particular user. With:
iptables -A OUTPUT -p tcp -m owner --uid-owner <username> -j DROP
we can block do this but it won't work if the system does forwarding. It would be nice to find a way for systems that does forwarding. Apparently
nufw provide a solution (but don't ask me).
Change History (2)
comment:1 by , 15 years ago
comment:2 by , 14 years ago
|Status:||new → closed|
I agree with Adi's explanation. Vuurmuur is primarily developed as a gateway firewall, and the owner match won't be able to do anything for that.
Note: See TracTickets for help on using tickets.
Tagging this as "trivial" is brave to say the least. nufw provides client software that communicates with the server via network. A client application has to be registered to be allowed to get a connection.
There are several approaches to the issue of locking in people:
IMO it is not feasible to implement this within vuurmuur, because it heavily depends on client software for about any platform. Creating and maintaining such client software means huge effort in a different direction.
One solution to this problem that works out of the box right now is the use of proxy servers. Another solution to this problem would be really nice to have -- but as a stand-alone project using vuurmuur_script: a webinterface that allows authentication and is capable of revoking the authentication once the user disconnects. This should not be hard to do but definitely means work and implementing proper security mechanisms. ;-)