Block network traffic based on UID / User and GID / Group
Posted in Operating Systems, Linux, Services, Tips on Thursday, July 19, 2018 by cam
I just found out that you can apply different IPTables rules based on UID and GID.
Just check that your kernel / iptables supports the module:
iptables -m owner --help
Which should output near the bottom like:
owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists
Then make a rule as required. Eg. User ‘cm’ gets their web traffic transparently proxied via Squid.
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -m owner --uid-owner cm -j DNAT --to 127.0.0.1:3128
Pretty cool!
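As an added example (not part of the original post), the same owner match can be turned around into a least-privilege egress policy for a service account: only the listed TCP ports are allowed out for that UID, and everything else it tries to open is logged and rejected. The account name "backup", the port list and the chain naming are assumptions; DRY_RUN defaults to 1 so the rules are printed for review instead of being applied.

```shell
#!/bin/sh
# Per-user egress policy built on iptables' owner match (-m owner --uid-owner).
# Assumed: a service account named "backup" that should only reach 443 and 873.
# DRY_RUN=1 (the default) prints the rules; DRY_RUN=0 applies them (needs root).

IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}

# run_ipt: apply one iptables rule, or print it when DRY_RUN=1.
run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# owner_match_available: succeeds when this iptables/kernel offers the owner match
# (the same check as "iptables -m owner --help" above).
owner_match_available() {
    "$IPT" -m owner --help 2>/dev/null | grep -q -- '--uid-owner'
}

# restrict_user_egress USER PORT...: allow outbound TCP to the given ports for
# USER's processes, allow replies on flows they already own, log and reject the rest.
restrict_user_egress() {
    user=$1; shift
    chain="EGRESS_$(printf '%s' "$user" | tr 'a-z-' 'A-Z_')"   # e.g. EGRESS_BACKUP
    run_ipt -N "$chain"
    # packets belonging to connections this user already has open
    run_ipt -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for port in "$@"; do
        run_ipt -A "$chain" -p tcp --dport "$port" -j ACCEPT
    done
    # rate-limited log line so a compromised or misconfigured service shows up in syslog
    run_ipt -A "$chain" -m limit --limit 5/min -j LOG --log-prefix "egress-deny-$user: "
    run_ipt -A "$chain" -j REJECT
    # hook the chain into OUTPUT for this UID only; other users are unaffected
    run_ipt -A OUTPUT -m owner --uid-owner "$user" -j "$chain"
}

# Review the policy for the assumed "backup" account (printed, since DRY_RUN=1).
restrict_user_egress backup 443 873
```

Run with DRY_RUN=0 as root once the printed rules look right; the LOG rule needs the ipt_LOG/xt_LOG target to be available on the host.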