How to block access for a local user to a local port?
Solution 1:
The full command as mentioned by Iain would look something like this:
iptables -t filter -A OUTPUT -p tcp --dport 25600 --match owner --uid-owner 503 -j DROP
Just remember to edit the --uid-owner 503 to the correct UID for user Elvis.
Solution 2:
Iptables has an owner module that you can use:
This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match.
You would want to use
--uid-owner userid
    Matches if the packet was created by a process with the given effective user id.
You just need to combine this with other suitable iptables parameters, e.g. --dport, to make the filter that works for you.
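
The rule from the answers above, as an added shell example that is not part of either answer: it looks up the UID by user name instead of hard-coding 503, appends the rule only if it is not already present, and repeats it with ip6tables, because iptables rules do not filter IPv6 connections (for example to ::1). The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answers). Function names are hypothetical.
# Usage, as root:  apply_owner_block elvis 25600

# Print the rule specification (the part after "-A OUTPUT") for a user and port.
owner_rule_spec() {
    user=$1
    port=$2

    # Resolve the account name to its numeric UID instead of hard-coding it.
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "unknown user: $user" >&2
        return 1
    }

    # Accept only a decimal TCP port in the range 1-65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    printf '%s\n' "-p tcp --dport $port -m owner --uid-owner $uid -j DROP"
}

# Apply the rule for IPv4 and IPv6. The owner match is only valid in OUTPUT.
apply_owner_block() {
    spec=$(owner_rule_spec "$1" "$2") || return 1
    for ipt in iptables ip6tables; do
        # -C exits 0 when an identical rule exists, so reruns add no duplicates.
        # $spec is left unquoted on purpose so it splits into arguments.
        $ipt -t filter -C OUTPUT $spec 2>/dev/null ||
            $ipt -t filter -A OUTPUT $spec || return 1
    done
}
```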