leandro noferini wrote:

[...]

> Ok, now ipfilter does not complain but I cannot connect anymore.
>
> :-(
>
> I will investigate more.

I applied these rules for iptables (in this order):

iptables -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -A OUTPUT -m owner --uid-owner anonymous -j DROP

that gave this firewall.rules (saved with iptables-save)

# Generated by iptables-save v1.4.3.2 on Thu May 14 22:38:12 2009
*filter
:INPUT ACCEPT [16071:6425763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15031:2354190]
-A OUTPUT -m owner --uid-owner anonymous -j DROP
COMMIT
# Completed on Thu May 14 22:38:12 2009
# Generated by iptables-save v1.4.3.2 on Thu May 14 22:38:12 2009
*nat
:PREROUTING ACCEPT [350:71565]
:POSTROUTING ACCEPT [264:19517]
:OUTPUT ACCEPT [264:19517]
-A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu May 14 22:38:12 2009

But now the user cannot connect anywhere and if I try to see what the configuration for iptables is I get this

minchioncino:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            owner UID match anonymous

I think this is not correct because all traffic coming from the user is dropped, right?

--
Ciao
leandro

I don't want to know everything, I want to understand everything
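Added example (not part of the original message): `iptables -L` without `-t` lists only the filter table, so the nat REDIRECT rules appear only under `iptables -t nat -L`. The sketch below reads the iptables-save dump from the message (comment lines omitted) and reports, per table, every rule that matches the user; the function names are hypothetical helpers, not iptables commands.

```shell
#!/bin/sh
# Input: rule lines of the iptables-save dump quoted in the message above.
SAVED_RULES='*filter
:INPUT ACCEPT [16071:6425763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15031:2354190]
-A OUTPUT -m owner --uid-owner anonymous -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [350:71565]
:POSTROUTING ACCEPT [264:19517]
:OUTPUT ACCEPT [264:19517]
-A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT'

# rules_in_table TABLE: print the "-A ..." lines of one table from
# iptables-save text on stdin ("*name" opens a table, "COMMIT" closes it).
rules_in_table() {
    awk -v want="$1" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        /^-A /    { if (table == want) print }
    '
}

# owner_rules_summary USER: print "table chain target" for every rule
# that carries "--uid-owner USER", in the order the dump lists them.
owner_rules_summary() {
    awk -v user="$1" '
        /^\*/  { table = substr($0, 2); next }
        /^-A / {
            owner = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--uid-owner") owner = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (owner == user) print table, $2, target
        }
    '
}

# What plain "iptables -L" can show (filter) versus the full picture.
printf '%s\n' "$SAVED_RULES" | rules_in_table filter
printf '%s\n' "$SAVED_RULES" | owner_rules_summary anonymous
```

On a live system the same text comes from `iptables-save` run as root, piped into either function.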