Block Outgoing Network Access For a Single User Using Firewalld

How do I configure firewalld to allow a user a dedicated IP range?

Responses

You can filter outgoing traffic here: How to filter outbound or outgoing network traffic in RHEL7?

For a specific user, a quick search of man iptables-extensions shows there is a module to match on owner.

For now I have

# firewall-cmd --direct --permanent --add-chain ipv4 filter restrict_apache
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 1 -m owner --uid-owner apache
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 2 -d 10.0.24.0/22 -j RETURN
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 3 -j REJECT

# firewall-cmd --reload

But it is not blocking any traffic to other subnets.

It works, found my mistakes.

# firewall-cmd --direct --permanent --add-chain ipv4 filter restrict_apache
# firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -m owner --uid-owner apache -j restrict_apache
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 2 -d 10.0.24.0/22 -j ACCEPT
# firewall-cmd --direct --permanent --add-rule ipv4 filter restrict_apache 3 -j DROP

# firewall-cmd --reload
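
An added example, not part of the original thread: a small audit helper that flags the difference between the two rule sets above, namely whether OUTPUT actually jumps to the per-user chain for that user and whether the chain ends in a default deny. The function name `check_user_chain` is hypothetical, the input layout is assumed to be what `firewall-cmd --direct --get-all-rules` prints, and the sample rule sets are constructed from the commands in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). check_user_chain is a hypothetical helper.
# Stdin: direct rules as "<ipv> <table> <chain> <priority> <iptables args>",
# the layout assumed for `firewall-cmd --direct --get-all-rules` output.
# Prints: ok | not-hooked | no-default-deny
check_user_chain() {   # usage: check_user_chain CHAIN USER
    awk -v chain="$1" -v user="$2" '
        BEGIN { last_prio = -1 }
        $1 == "ipv4" && $2 == "filter" {
            args = " "
            for (i = 5; i <= NF; i++) args = args $i " "
            # The chain only sees traffic if OUTPUT jumps to it for this user.
            if ($3 == "OUTPUT" && index(args, " --uid-owner " user " ") &&
                index(args, " -j " chain " "))
                hooked = 1
            # Remember the rule evaluated last inside the chain.
            if ($3 == chain && ($4 + 0) > last_prio) {
                last_prio = $4 + 0
                last_args = args
            }
        }
        END {
            if (!hooked) { print "not-hooked"; exit }
            if (last_args != " -j DROP " && last_args != " -j REJECT ") {
                print "no-default-deny"; exit
            }
            print "ok"
        }'
}

# Constructed sample input, derived from the two command sets in the thread.
FIRST_ATTEMPT='ipv4 filter restrict_apache 1 -m owner --uid-owner apache
ipv4 filter restrict_apache 2 -d 10.0.24.0/22 -j RETURN
ipv4 filter restrict_apache 3 -j REJECT'

FIXED='ipv4 filter OUTPUT 1 -m owner --uid-owner apache -j restrict_apache
ipv4 filter restrict_apache 2 -d 10.0.24.0/22 -j ACCEPT
ipv4 filter restrict_apache 3 -j DROP'

printf 'first attempt: %s\n' "$(printf '%s\n' "$FIRST_ATTEMPT" | check_user_chain restrict_apache apache)"
printf 'fixed rules:   %s\n' "$(printf '%s\n' "$FIXED" | check_user_chain restrict_apache apache)"
```

On a host, pipe the output of `firewall-cmd --permanent --direct --get-all-rules` into the function instead of the sample variables.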