How to block network connection to all `root` process?

networking nftables

My system is debian 10 with nftables.
output of nethogs as below:

? root     192.168.2.10:59100-172.217.27.138:443 
? root     192.168.2.10:59086-172.217.27.138:443 
? root     192.168.2.10:59082-172.217.27.138:443 
? root     192.168.2.10:59062-172.217.27.138:443 
? root     192.168.2.10:59058-172.217.27.138:443 
? root     192.168.2.10:59054-172.217.27.138:443 
? root     192.168.2.10:59030-172.217.27.138:443 
? root     192.168.2.10:59026-172.217.27.138:443
? root     192.168.2.10:42314-27.19.249.194:443  
? root     192.168.2.10:49788-216.58.200.234:443

I ss -pl | grep 59100 but got nothing,then I plan to block all root process to network connection.
How to do it?


Solution 1:

With iptables, this would be rather easy with the owner match extension:

sudo iptables -A OUTPUT -p all -m owner --uid-owner 0 -j DROP

Likewise, nftables has matching by socket UID / GID:

sudo nft add rule filter output meta skuid 0 counter

Related

How can I compare two SSL certificates?
Cloudflare and AWS - Intermittent 525 SSL Handshake
Tar extracting from multi-volume tape whilst computing shasums
Error 4033 , Reason not-authorized
rabbitmq: with hundreds of celery workers, beam.smp consumes > 200% CPU
How can I show the subdirectory of a server as an index based on domain used to connect to it?
Can I use always on VPN device tunnel on Windows 10 Pro
Vmware esxi 6.7 installation on Poweredge T110 ll doesnt recognize RAID 5 virtual disk
How to route only specific subnet to OpenVPN Server
How do I use Nagios to monitor a log file that generates a random ID
Does mail dot com have IPV6 MX?
MLSD/MLST support in IIS FTP service