3

Possible Duplicate:
How to restrict internet access for a particular user on the lan using iptables in Linux

I have 4 accounts on my computer (I have root access). I want to block off ALL internet access to one of the users. My computer connects to the internet primarily through Wi-Fi. The user should not be able to connect, surf the internet or even use the local network. I found a solution here but I'm not sure that would work for me. (Plus, I need something simpler.)

I am using Ubuntu 10.04.

How do I do this without much tweaking? (Basically, I want a quick and simple solution)

I tried reading about iptables but it's beyond my knowledge.

  • I had included that link in my question but iptables looks too confusing to use. Aah well, if there is nothing else I can use. –  Feb 03 '12 at 05:11
  • Iptables really is the best job for this. A single iptables command does it. All you have to do is change that --uid-owner value to match the user you want to block and you're done. Wanting something simpler doesn't make the answer wrong (plus, you don't get much simpler than that). – phemmer Feb 06 '12 at 05:12
  • I just hoped for a nice GUI. But considering that isn't available/possible, I think iptables is a compromise. –  Feb 06 '12 at 12:48
  • If you need a GUI, there's firewall-config for firewalld. Check this answer on the duplicate question. – Scrooge McDuck Nov 11 '21 at 03:57
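The single-command approach from phemmer's comment, written out as an added example that is not part of the original thread. It uses the `--uid-owner` match the comment names; the `OUTPUT` chain, the matching IPv6 rule, the loopback exemption and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): block all non-loopback traffic that a
# single local account originates, using the iptables "owner" match.

# Print the rules for a numeric UID, one command per line, without running them.
rules_for_uid() {
    case "$1" in
        ''|*[!0-9]*) echo "UID must be numeric: $1" >&2; return 1 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo "refusing to block UID 0 (root)" >&2; return 1
    fi
    # The owner match only sees locally generated packets, so it belongs in
    # OUTPUT. Both address families are covered; an IPv4-only rule leaves
    # IPv6 open. Loopback is exempted (assumption) so local IPC keeps working.
    for tool in iptables ip6tables; do
        echo "$tool -I OUTPUT ! -o lo -m owner --uid-owner $1 -j REJECT"
    done
}

# Resolve an account name and apply the rules (needs root).
block_user() {
    uid=$(id -u "$1" 2>/dev/null) || { echo "no such user: $1" >&2; return 1; }
    rules=$(rules_for_uid "$uid") || return 1
    echo "$rules" | while read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Usage: sudo sh block-user.sh <account>   (rules do not survive a reboot)
if [ "$#" -gt 0 ]; then
    block_user "$1"
fi
```

Rules added this way are lost on reboot, so they have to be saved and restored by whatever mechanism the system uses. To check the result, run `iptables -L OUTPUT -n -v` while the blocked user tries to connect; the packet counter on the rule should rise.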

2 Answers

1

If you install one of the parental controls apps, e.g. Nanny, you can restrict the amount of time a user has access to the Internet to zero/never. There are other parental controls apps; I don't have one in particular to recommend, but this should give you the level of control you want, with the simplicity of a GUI app.

bsd
  • 11,036
  • 1
    Nanny doesn't work. I tried giving the user 0 time on web browser, internet messaging and stuff. I rebooted and 5 mins later, that user was gladly surfing rage comics. –  Feb 03 '12 at 05:12
-1

If you have iptables and connlimit installed you can limit incoming connections for a certain range or a single IP:

iptables -I FORWARD ! -p tcp -m iprange --src-range 192.168.1.100-192.168.1.102 -m connlimit --connlimit-above 50 -j REJECT
ip6tables -I FORWARD ! -p tcp -m iprange --src-range 192.168.1.100-192.168.1.102 -m connlimit --connlimit-above 50 -j REJECT

This can reject incoming connections above 50 open sockets for IP x.x.x.100 to x.x.x.102. I'm not sure if you can change the value to reject all incoming connections. I use this basically to throttle download for a single IP.

Stephen Kitt
  • 434,908
Micromega
  • 4,211