The connection to the server is done with NoMachine or VNC.
Within this connection some users are starting a terminal session, which runs a specific application.
This application will sometimes send emails.
Some of these users are not allowed to connect to the internet, more specifically, no surfing.
I suppose this is a common problem in companies.
I tried to use iptables:
[code]iptables -A OUTPUT -p tcp -m owner --uid-owner (user name to block) -j DROP[/code]
But this will prevent these users from connecting to this server.
So OUTPUT is somehow also INPUT?
Of course port 587 should stay open for sendmail.
Does anybody have a solution for this?
Roland
block specific users from going to the internet
Re: block specific users from going to the internet
Could be something like [code]iptables -A OUTPUT -o eth0 -p tcp ! -d $LANRANGE -m state --state NEW -m owner --uid-owner $UID -j DROP[/code] where "[i]-m state --state NEW[/i]" only considers new (not yet tracked) connections and "[i]! -d $LANRANGE[/i]" makes it apply only to connections trying to escape your LAN range.
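
Added example, not part of either post: a shell function that prints the rule pair for each restricted user, combining the reply's NEW-only match with the port 587 exception the question asks for. The LAN range, interface and user names are constructed; it uses the `conntrack` match (of which `state` is a subset) and drops all protocols rather than TCP only.

```shell
#!/bin/sh
# Added example: print (do not apply) egress rules for restricted users.
# Constructed values: the LAN range, interface and user names in the demo call.
MAIL_PORT=587   # mail submission port named in the question

# gen_rules LAN_RANGE IFACE USER...
# Prints one iptables command per line; prints nothing and returns 1 on bad input.
gen_rules() {
    [ $# -ge 3 ] || { echo "usage: gen_rules LAN_RANGE IFACE USER..." >&2; return 1; }
    lan=$1 iface=$2
    shift 2
    # Reject values that could smuggle extra options into a rule.
    case $lan in ''|*[!0-9./]*) echo "bad LAN range: $lan" >&2; return 1 ;; esac
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    # Validate every user before printing anything.
    for user in "$@"; do
        case $user in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad user name: $user" >&2; return 1 ;;
        esac
    done
    for user in "$@"; do
        # 1. Allow the user's own processes to reach the mail submission port.
        #    Add "-d <relay address>" here to pin it to a single mail relay.
        echo "iptables -A OUTPUT -o $iface -p tcp --dport $MAIL_PORT -m owner --uid-owner $user -j ACCEPT"
        # 2. Drop every other NEW connection leaving the LAN. Replies on a
        #    connection opened from outside (the VNC/NoMachine session) are
        #    ESTABLISHED, not NEW, so this rule never matches them.
        echo "iptables -A OUTPUT -o $iface ! -d $lan -m conntrack --ctstate NEW -m owner --uid-owner $user -j DROP"
    done
}

# Demo call with constructed values.
gen_rules 192.168.1.0/24 eth0 alice bob
```

Review the printed rules, then run them as root (for example by piping the output to `sh`). Rules are appended, so any ACCEPT already earlier in the OUTPUT chain is evaluated first.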