On 13/08/2012 15:25, Qian Zhang wrote:
Allow connections to localhost for uid0 then block to anything else
Can you please let me know the logic behind this? Basically, I want to block any non-root user to access network.
Thanks, Qian
Sorry, I misread.
The issue is that some services/daemons don't run as root but as normal system accounts, and by blocking access to all non-root users, you effectively block these services from working. Further, a lot of local services/daemons use 127.0.0.1/localhost to connect to, and there isn't any benefit in blocking access to localhost.
My suggestion is to rather look at ensuring users are all in a certain group and then use iptables to block that group from accessing the network outside of localhost.
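The group-based approach suggested above, as an added example that is not part of the thread: it uses iptables' owner match on the OUTPUT chain to confine one group to loopback only. The group name `nonet` is an assumed placeholder, and the REJECT target is a choice (DROP would also work).

```shell
#!/bin/sh
# Added example (not from the thread): restrict the members of one group,
# rather than every non-root user, to loopback-only networking.
# Assumptions: group "nonet" exists (e.g. groupadd nonet; usermod -aG nonet alice).
#
# Caveats a practitioner should know:
#  - the owner match only exists in the OUTPUT chain (locally generated packets);
#  - --gid-owner tests the *primary* group of the socket owner unless your
#    iptables supports --suppl-groups, so either make nonet the user's primary
#    group or add --suppl-groups where available;
#  - root-owned daemons and system accounts outside the group are untouched,
#    which is exactly why this beats blocking "everything non-root".

# Print the rules for a group without applying them, so they can be reviewed.
# Rule order matters: the loopback ACCEPT must come before the group REJECT.
build_rules() {
    grp="${1:-nonet}"
    cat <<EOF
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --gid-owner ${grp} -j REJECT
EOF
}

# Apply the rules (requires root). Run this script with "--apply [group]".
apply_rules() {
    build_rules "$1" | sh
}

# Show the resulting OUTPUT chain with packet counters, to confirm that
# blocked attempts are actually hitting the REJECT rule.
show_rules() {
    iptables -L OUTPUT -v -n --line-numbers
}

case "$1" in
    --apply) apply_rules "$2"; show_rules ;;
    *)       build_rules "$1" ;;
esac
```

Run without arguments to print the rules; remember to replicate them with ip6tables if the host has IPv6 connectivity, since the rules above only cover IPv4.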