Thoughtful Dragon

Reputation: 260

How to limit port 80 to just one user with iptables

I want to limit port 80 so that only one user can use it. I want to do this with iptables, but I have not found any documentation on how to do this.

Upvotes: 1

Views: 1406

Answers (2)

DigitalRoss

Reputation: 146181

If you mean "a local user with a discrete uid" then you can use the owner module (-m owner) and the --uid-owner # option.

But there are some problems here:

  1. This only works on outbound packets.
  2. Some packets don't have owners.

By themselves, those might not normally be deal-breakers. But you need to effectively invert the conditional and block packets not matching the user. I suspect this will sufficiently break protocol processing that a simple attempt to do this will fail.

I would say, forward port 80 output that you know will have a user association to a separate chain, and then filter only that chain by user. This should sufficiently break other users' traffic but not internal traffic to generally meet your requirement.

Upvotes: 2
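The dedicated-chain approach from the answer above, written out as an added example (not DigitalRoss's own rules). It assumes a placeholder chain name `HTTP_OWNER` and a placeholder uid of 1000, and uses the owner match's `--socket-exists` test to let the ownerless kernel-generated packets mentioned in the answer pass instead of being rejected. The function prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: allow outbound TCP port 80 for a single local uid only.
# Only locally generated TCP traffic to the port is diverted to the chain,
# so inbound, forwarded and other protocols' packets are never touched.
# Usage: http_owner_rules UID [PORT] [CHAIN]   e.g.  http_owner_rules 1000 | sudo sh

http_owner_rules() {
    uid="$1"                    # uid allowed to use the port (1000 is a placeholder)
    port="${2:-80}"             # destination port to restrict
    chain="${3:-HTTP_OWNER}"    # name of the dedicated chain (placeholder name)
    cat <<EOF
# Dedicated chain so the inverted owner test is applied only to port-$port output.
iptables -N $chain
iptables -A OUTPUT -p tcp --dport $port -j $chain
# Packets with no owning socket (kernel-generated, e.g. some resets) would not
# match any --uid-owner rule; send them back to OUTPUT rather than rejecting them.
iptables -A $chain -m owner ! --socket-exists -j RETURN
# The one permitted user ...
iptables -A $chain -m owner --uid-owner $uid -j ACCEPT
# ... and every other user's connection attempts to port $port get a clean reset.
iptables -A $chain -j REJECT --reject-with tcp-reset
EOF
}

# Demo: print the rule set for the placeholder uid; review it, then pipe to sh as root.
http_owner_rules 1000
```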

SiegeX

Reputation: 140437

iptables has the -m owner --uid-owner ### match, which "Matches if the packet was created by a process with the given effective user id".

Upvotes: 1
