IPTABLES allow connection to a list of IPs to a specific user (ip) - block all the rest from this user only

linux firewall iptables

Probably this is not a clean solution, but it will work

All users will have access to the internet except restricted user

# Define variables
USER_IP=172.16.0.101
ALLOW_IPS="1.2.3.4 2.3.4.5 3.4.5.6"
IF_EXTERNAL=vmbr0

# Clearing iptables from previous allow ip rules by comment and masquerade
iptables-save | grep -v "userrestricted\|MASQUERADE" | iptables-restore

# Generate rules for masquerading from restricred user(ip)
for ALLOW_IP in $ALLOW_IPS
do
iptables -t nat -A POSTROUTING -s ${USER_IP} -d ${ALLOW_IP} -o ${IF_EXTERNAL} -j MASQUERADE -m comment --comment userrestricted
done

# Trick with SNAT will invalidating target packets
iptables -t nat -A POSTROUTING -s ${USER_IP} -o ${IF_EXTERNAL} -j SNAT --to 127.0.0.1 -m comment --comment userrestricted

# Get common masquerade rule back
iptables -t nat -A POSTROUTING -o ${IF_EXTERNAL} -j MASQUERADE

It works for me, make sure you have common masquerade rule after restricted user rules

Please check it, if it's not what you want i can correct answer

Related

How to direct a custom domain at a particular tweet [closed]
Mail from Teams forwarded to Gmail marked as spam due to DMARC failure
Location redirect from domain to another one in nginx
Will this DD command work?
nfs file transfers fail, "cp: cannot stat 'dir_name': No such file or directory" but sshfs works fine
DMARC reporting unexpected SPF IP but DKIM still passes
Can I make `user` objectClass to inherit attributes from my custom `xyz` objectClass?
Image not display after using nginx
Best solutions for auto deployment of multiple server applications
Unable to list contents/remove directory (linux ext3)
Why is dhclient issuing a unicast DHCPREQUEST every ~15 seconds instead of at T1/T2 timers?
In Windows Task Manager, in the Processes tab, what does I/O Other mean?