
Help: Can I customize my firewall per user? - Linux Setup, Configuration & Administration


  1. #1

    Help: Can I customize my firewall per user?

    Hi,
    I use MDK 9.1 with the Shorewall firewall configured to reject any
    incoming communication from the Internet.
    As my son wants to use a peer-to-peer application (mlDonkey)
    I'll have to add some rule to allow (only) that specific incoming communication.

    In order to maintain max security I have created a separate user,
    named "Joe", and intend to run mlDonkey while Joe is the only user
    logged on. Is there a simple way to modify Shorewall's rule file
    while Joe logs on and restore it while he logs off?

    Thanks in advance.

    Michael Guest

  2. #2

    Re: Help: Can I customize my firewall per user?

    Michael Badt wrote: 

    You should be able to use iptables to control outgoing packets depending
    on the user ID, the group ID, the process ID, and the session ID of the
    process that created the packet. See the following flags:

    -m owner
    --uid-owner
    --gid-owner
    --pid-owner
    --sid-owner

    I am not familiar with Shorewall's rule file, but iptables has the basic
    capability.

    --
    .~. Jean-David Beyer Registered Linux User 85642.
    /V\ Registered Machine 73926.
    /( )\ Shrewsbury, New Jersey http://counter.li.org
    ^^-^^ 2:25pm up 7 days, 39 min, 3 users, load average: 4.17, 4.02, 4.00

    Jean-David Guest
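
An added example, not part of any post in this thread: the owner match from reply #2 applied to the question in post #1. The owner match only sees locally generated packets (the OUTPUT chain), so the inbound port is opened without it and an OUTPUT rule rejects traffic from that port unless the sending socket belongs to the given UID. The function name `p2p_rules`, UID 1001 and TCP port 4662 are assumptions; the thread names no port.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the iptables commands.
# Set APPLY=1 and run as root to execute them instead.

# Accept a login name or a numeric UID; print the numeric UID.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Execute the command when APPLY=1, otherwise print it.
emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# p2p_rules add|del USER PORT
#   add: insert the rules at login; del: remove the same rules at logout.
p2p_rules() {
    case "$1" in
        add) op=-I ;;
        del) op=-D ;;
        *) echo "usage: p2p_rules add|del USER PORT" >&2; return 2 ;;
    esac
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; return 1; }
    port=$3
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi

    # Inbound packets carry no local owner, so this rule cannot be per-user.
    emit iptables "$op" INPUT -p tcp --dport "$port" -j ACCEPT
    # Replies leave through OUTPUT, where the owner match works: reject
    # anything sent from that port by a socket not owned by $uid.
    emit iptables "$op" OUTPUT -p tcp --sport "$port" \
        -m owner ! --uid-owner "$uid" -j REJECT
}

# Constructed sample values: p2p_rules add 1001 4662
if [ $# -gt 0 ]; then p2p_rules "$@"; fi
```

Calling `p2p_rules add` at login and `p2p_rules del` at logout gives the open-while-logged-on behaviour asked about in post #1; how those hooks are wired is left to the system.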

  3. #3

    Re: Help: Can I customize my firewall per user?

    On 15/10/03 19:34 Jean-David Beyer stumbled up to the bar and slurred..
     
    >
    >
    > You should be able to use iptables to control outgoing packets depending
    > on the user ID, the group ID, the process ID, and the session ID of the
    > process that created the packet. See the following flags:
    >
    > -m owner
    > --uid-owner
    > --gid-owner
    > --pid-owner
    > --sid-owner
    >
    > I am not familiar with Shorewall's rule file, but iptables has the basic
    > capability.

    Try GuardDog, it has a user section in the firewall that the user controls. That
    should show you the basics or you could configure for each user and then lock
    out the interface.

    --
    Regards

    Neil


    Hawk Guest

  4. #4

    Re: Help: Can I customize my firewall per user?



    Michael Badt wrote: 
    Hi Michael,

    This feature was added in shorewall 1.4.7. Upgrade to this version and
    fill in the file /etc/shorewall/{users,usersets}. You may then restrict
    rules in /etc/shorewall/rules to some users/usersets.

    More information on

    www.shorewall.net -> Documentation -> usersets and users

    Eric

    Eric Guest
