Block Outgoing Network Access For a Single User Using Firewalld

Latest response

How do I configure firewalld to allow a user a dedicated ip range.

DD
Log in to join the conversation

Responses

Jamie Bainbridge's picture Red Hat Guru 7257 points
17 April 2018 10:22 AM

You can filter outgoing traffic here: How to filter outbound or outgoing network traffic in RHEL7?

For a specific user, a quick search of man iptables-extensions shows there is a module to match on owner.

DD Active Contributor 165 points
17 April 2018 11:47 AM

For now i have

#firewall-cmd --direct --permanent --add-chain ipv4 filter restrict_apache
#firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 1 -m owner --uid-owner apache
#firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 2 -d 10.0.24.0/22  -j RETURN
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 3  -j REJECT

#firewall-cmd --reload

But it is not blocking any traffic to other subnets

DD Active Contributor 165 points
17 April 2018 12:44 PM

It works, found my mistakesssss

#firewall-cmd --direct --permanent --add-chain restrict_apache
#firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -m owner --uid-owner apache -j restrict_apache
#firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 2 -d 10.0.24.0/22 -j ACCEPT
#firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 3 -j DROP

#firewall-cmd --reload
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.