I want to limit port 80 so that only one user can use it. I want to do this with iptables, but I have not found any documentation on how to do this.
- What's a user? You mean single source IP address? – Alex Howansky Jan 07 '11 at 22:58
2 Answers
If you mean "a local user with a discrete uid" then you can use the owner module (`-m owner`) and the `--uid-owner #` option.
But there are some problems here:
- This only works on outbound packets.
- Some packets don't have owners.
By themselves, those might not normally be deal-breakers. But you need to effectively invert the conditional and block packets not matching the user. I suspect this will sufficiently break protocol processing that a simple attempt to do this will fail.
I would say, forward port 80 output that you know will have a user association to a separate chain, and then filter only that chain by user. This should sufficiently break other users' traffic but not internal traffic to generally meet your requirement.
- I'm only worrying about outbound, because I only want to block requests from being made, and if requests are blocked, then how will there be any incoming response? Could you give the command that I would need to use? I don't have much experience with iptables. – Thoughtful Dragon Jan 08 '11 at 01:04
iptables has the `-m owner --uid-owner ###` match which "Matches if the packet was created by a process with the given effective user id"
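Both answers point at the same building block, `-m owner --uid-owner`, and the first one sketches the layout: send only port-80 OUTPUT traffic to its own chain, accept the one owner there, and block the rest. The script below is an added example (not code from either answer) that turns that layout into an `iptables-restore` fragment. The chain name `HTTP_OUT`, the `uid_of` and `build_rules` helper names, and the choice of `REJECT --reject-with tcp-reset` over a plain `DROP` are this example's own assumptions; the `--uid-owner` match, the `OUTPUT` chain and `iptables-restore --noflush` are standard iptables.

```shell
#!/bin/sh
# Added example, not from either answer: generate (and optionally apply) an
# iptables-restore fragment that lets exactly one local user open outbound
# TCP port 80, using the "separate chain filtered by owner" layout from the
# first answer. The chain name HTTP_OUT and the REJECT-with-reset choice are
# assumptions of this example, not anything the answers specify.

# uid_of NAME_OR_UID: print the numeric uid; fails if the login name is unknown.
uid_of() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # a login name: resolve it
        *) printf '%s\n' "$1" ;;                   # already numeric
    esac
}

# build_rules UID [PORT]: print the filter-table fragment to stdout.
# The owner match only exists for locally generated packets, so the jump is
# limited to OUTPUT and to the one destination port. Packets with no socket
# owner (kernel-generated resets, forwarded traffic) never reach HTTP_OUT and
# are left to the rest of the policy, which is what keeps the inverted
# "block everyone except this uid" rule from breaking unrelated traffic.
build_rules() {
    uid=$1
    port=${2:-80}
    chain=HTTP_OUT
    printf '%s\n' \
        '*filter' \
        ":$chain - [0:0]" \
        "-A OUTPUT -p tcp --dport $port -j $chain" \
        "-A $chain -m owner --uid-owner $uid -j ACCEPT" \
        "-A $chain -p tcp -j REJECT --reject-with tcp-reset" \
        'COMMIT'
}

# rule_count UID [PORT]: number of -A lines in the generated fragment.
rule_count() {
    build_rules "$@" | grep -c '^-A'
}

# Command-line use (needs root to apply):
#   ./allow_one_user.sh alice 80 | sudo iptables-restore --noflush
if [ -n "${1:-}" ]; then
    uid=$(uid_of "$1") || { echo "unknown user: $1" >&2; exit 1; }
    build_rules "$uid" "${2:-80}"
fi
```

After loading the fragment, `iptables -L HTTP_OUT -v -n` shows packet counters on the ACCEPT and REJECT rules, which is the quickest way to confirm that the right user's requests are passing and everyone else's are being reset. Because the match is evaluated on the effective uid at socket creation, a process that changes uid after connecting keeps its original owner for that socket.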