Allow Firewall Ports Only for Certain Users

Linux Kernel, Network, and Services configuration.
Gerowen
Posts: 182
Joined: 2011-04-11 05:12
Location: Kentucky
XMMP/Jabber: gerowen@conversations.im
Has thanked: 5 times
Been thanked: 2 times

Allow Firewall Ports Only for Certain Users

#1 Post by Gerowen »

Let's say I've allowed a range of ports and forwarded that same range in my router. Is there a way to specify a firewall rule where that range of ports is only accessible to processes running under a certain username? Like, let's say I have opened port 80 in my firewall so that the user www can use it to host a webserver. Is it possible to treat that port as closed for other users, even if the webserver process isn't running and tying up that port? Like if another user tries to run an apache instance, even if there are no other occurrences of it currently running, have the firewall treat port 80 as closed for that user.

dilberts_left_nut
Administrator
Posts: 5343
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 12 times
Been thanked: 66 times

Re: Allow Firewall Ports Only for Certain Users

#2 Post by dilberts_left_nut »

iptables has the 'owner' extension
https://ipset.netfilter.org/iptables-ex ... s.man.html

Not sure if that works in nftables.
AdrianTM wrote:There's no hacker in my grandma...

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Allow Firewall Ports Only for Certain Users

#3 Post by p.H »

The "owner" match works only with outgoing packets. Incoming packets have no owner.
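To make the two replies above concrete, here is an added example (not code posted by anyone in this thread, and not a Debian or netfilter project script). It generates rules using the iptables `owner` match that #2 links to, plus the nftables counterpart (`meta skuid`, which matches the UID of the socket that generated a packet). As #3 explains, the match only sees locally generated traffic, so these rules live in the OUTPUT chain: they cannot stop another user from binding port 80, but they do drop (and log) any replies that a listener on that port sends unless it runs as the allowed user. The user name `www-data`, the port, and the nftables table/chain names (`inet filter`, `output`) are assumptions; in dry-run mode the script only prints the commands, so it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. Generates per-user egress rules with the
# iptables 'owner' match and the nftables 'meta skuid' expression. The match
# applies to locally generated packets only, so the rules filter what a
# listener on PORT sends back, not who may bind PORT.

# owner_rules USER PORT -> prints the iptables commands, one per line
owner_rules() {
    user="$1"; port="$2"
    # Replies sourced from PORT by the intended service account are accepted
    printf 'iptables -A OUTPUT -p tcp --sport %s -m owner --uid-owner %s -j ACCEPT\n' "$port" "$user"
    # Replies sourced from PORT by any other local UID are rate-limited logged, then dropped
    printf 'iptables -A OUTPUT -p tcp --sport %s -m owner ! --uid-owner %s -m limit --limit 5/min -j LOG --log-prefix "unauth-port%s: "\n' "$port" "$user" "$port"
    printf 'iptables -A OUTPUT -p tcp --sport %s -m owner ! --uid-owner %s -j DROP\n' "$port" "$user"
}

# nft_rules USER PORT -> equivalent nftables rules; assumes a table 'inet filter'
# with an 'output' chain (hook output) already exists (assumed names)
nft_rules() {
    user="$1"; port="$2"
    printf 'nft add rule inet filter output tcp sport %s meta skuid "%s" accept\n' "$port" "$user"
    printf 'nft add rule inet filter output tcp sport %s meta skuid != "%s" log prefix "unauth-port%s: " drop\n' "$port" "$user" "$port"
}

# apply_rules USER PORT [dry-run|apply]: print the commands, or run them as root
apply_rules() {
    mode="${3:-dry-run}"
    owner_rules "$1" "$2" | while IFS= read -r cmd; do
        if [ "$mode" = apply ]; then
            eval "$cmd"   # needs root and the iptables binary
        else
            echo "$cmd"
        fi
    done
}

# count_owner_rules USER PORT -> number of generated rules that use the owner match
count_owner_rules() {
    owner_rules "$1" "$2" | grep -c -- '-m owner'
}

# Dry run: show what would be installed for the web server account on port 80
apply_rules www-data 80 dry-run
nft_rules www-data 80
```

Run it as `sh script.sh` to review the commands, then `apply_rules www-data 80 apply` as root once a matching ACCEPT for established traffic and the default policy have been checked; the LOG line gives a kernel-log hint when a process under the wrong UID answers on the port.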
