Re: How to enable LDAP ports in iptables for OpenLDAP client node
On 13/08/2012 15:25, Qian Zhang wrote:
Allow connections to localhost for uid0 then block to anything else
Can you please let me know the logic behind this? Basically, I want to
block any non-root user to access network.
Sorry, I misread.
The issue is that some services/daemons don't run as root but as normal
system accounts, and by blocking access to all non-root users, you
effectively block these services from working. Further, a lot of local
services/daemons use 127.0.0.1/localhost to connect to, and there isn't
any benefit in blocking access to localhost.
My suggestion is to rather look at ensuring users are all in a certain
group and then use iptables to block that group from accessing the
network outside of localhost.
Mark Adrian Coetser
We all live in a state of ambitious poverty.
-- Decimus Junius Juvenalis
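
The group-based approach suggested in the message above, as an added example that is not part of the original post. It assumes a hypothetical group named `nonet` holding the restricted users, and prints the OUTPUT rules (or applies them with `APPLY=1` as root); the function names and the `NONET_GROUP` variable are also assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. "nonet" is a hypothetical group name.
# Caveat: --gid-owner matches the GID of the process that created the socket;
# supplementary group membership only counts when --suppl-groups is given
# (newer iptables/kernels).

# Print the OUTPUT rules for group $1 (default: nonet), one command per line.
build_rules() {
    grp="${1:-nonet}"
    # The name ends up on a command line, so accept only a conservative charset.
    case "$grp" in
        *[!a-z0-9_-]*) echo "invalid group name: $grp" >&2; return 1 ;;
    esac
    # Same policy for IPv6, otherwise it is a way around the IPv4 rules.
    for ipt in iptables ip6tables; do
        # 1. Loopback stays open for everyone so local daemons keep working.
        echo "$ipt -A OUTPUT -o lo -j ACCEPT"
        # 2. Rate-limited log line for anything the group sends elsewhere.
        echo "$ipt -A OUTPUT -m owner --gid-owner $grp -m limit --limit 5/min -j LOG --log-prefix nonet-egress:"
        # 3. Reject it. root and system accounts are outside the group, unaffected.
        echo "$ipt -A OUTPUT -m owner --gid-owner $grp -j REJECT"
    done
}

# Dry run by default; APPLY=1 (as root) executes each rule in order.
run() {
    rules=$(build_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while read -r rule; do $rule || exit 1; done
    else
        printf '%s\n' "$rules"
    fi
}

run "${NONET_GROUP:-nonet}"
```

Because `-A` appends, these rules only take effect if no earlier rule in OUTPUT already accepts the group's traffic.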