How to disable internet for a user on a system

I know about changing owners/permissions on particular programs/files, but how can I control which users have access to the network card (NIC) or have the power to create network sockets?


As described here, you can block all Internet access for certain users using this iptables command:

sudo iptables -A OUTPUT -m owner --uid-owner {USERNAME} -j REJECT
sudo ip6tables -A OUTPUT -m owner --uid-owner {USERNAME} -j REJECT

If you want this command to run automatically when the system starts up, you should add it to the end of your /etc/rc.local file.

While this won't make it impossible for those users to create sockets, it will block all outgoing traffic (like a firewall).
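The rule from the answer above as a re-runnable script, since running the same `-A` command a second time appends a duplicate rule. This is an added example, not part of the original answer: the function names and the `DRY_RUN` variable are hypothetical, and the loopback exemption is an assumption.

```shell
#!/bin/sh
# Added example, not from the answer above. Function names and DRY_RUN are
# hypothetical; the loopback exemption is an assumption.

# Accept only plain login names so the value cannot smuggle in extra
# iptables options (for example a leading "-j ACCEPT").
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Rule body shared by the check (-C) and append (-A) calls.
# "! -o lo" leaves loopback open so local-only services keep working for the
# user; a proxy listening on loopback would stay reachable too, so drop that
# match to reproduce the answer's rule exactly.
rule_spec() {
    printf '%s' "! -o lo -m owner --uid-owner $1 -j REJECT"
}

# Block outgoing IPv4 and IPv6 traffic for one user.
# With DRY_RUN=1 the commands are printed instead of executed.
block_user() {
    valid_user "$1" || { echo "invalid user name: $1" >&2; return 2; }
    spec=$(rule_spec "$1")
    for ipt in iptables ip6tables; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$ipt -A OUTPUT $spec"
        # -C exits non-zero when the rule is absent, so a rerun does not
        # stack a duplicate. $spec is left unquoted on purpose: it must
        # split into separate arguments.
        elif ! "$ipt" -C OUTPUT $spec 2>/dev/null; then
            "$ipt" -A OUTPUT $spec
        fi
    done
}

# Run as root: sh block-user.sh alice
if [ "$#" -gt 0 ]; then
    block_user "$1"
fi
```

Confirm the result with `sudo iptables -S OUTPUT` and `sudo ip6tables -S OUTPUT`.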