On Mon, 2006-07-17 at 08:36 +0200, kmartin wrote:
> hi. i've never posted/reg here before but have lurked for quite awhile.
>
> i need to block internet access for a couple UIDs. found a bit of an older thread on this site here (http://fcp.homelinux.org/modules/newbb/viewtopic.php?topic_id=23058). this is basically what i want to do too but i'm using FC4 and the original post refers to FC3 - not sure if that has anything to do with it. so i'm executing:
>
> iptables -D OUTPUT -m owner --uid-owner 502 --jump DROP
>
> but i keep getting: "Bad rule (does a matching rule exist in that chain?)"
>

That command is trying to delete a rule in the OUTPUT chain that does not exist by default. You can look back at several threads on the archive, some dealt with exactly what you are asking. Also do a bit of reading on iptables (the man page is a good, very basic start on the nuts and bolts of it). Then after you understand the commands ask again.

> here is the output of iptables --list:
>
> > Chain FORWARD (policy ACCEPT)
> > target               prot opt source    destination
> > RH-Firewall-1-INPUT  all  --  anywhere  anywhere
> >
> > Chain INPUT (policy ACCEPT)
> > target               prot opt source    destination
> > RH-Firewall-1-INPUT  all  --  anywhere  anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target               prot opt source    destination
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target  prot opt source    destination
> > ACCEPT  all  --  anywhere  anywhere
> > ACCEPT  icmp --  anywhere  anywhere     icmp any
> > ACCEPT  ipv6-crypt-- anywhere  anywhere
> > ACCEPT  ipv6-auth-- anywhere  anywhere
> > ACCEPT  udp  --  anywhere  224.0.0.251  udp dpt:5353
> > ACCEPT  udp  --  anywhere  anywhere     udp dpt:ipp
> > ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
> > REJECT  all  --  anywhere  anywhere     reject-with icmp-host-prohibited
> >
>
> i checked in ntsysv and iptables is selected to run at startup. just for the heck of it, i ran iptables--save. the command does update my /etc/sysconfig/iptables file stating current date and time for last modified but adds nothing to the file. i have not modified iptables.config in any way. do either/or NetworkManager or NetworkManagerDispatcher services need to be running for this?
>
> i'm sure lots of people are already doing this. any help would be greatly appreciated!!!
>
> --
> This is an email sent via the webforum on http://fcp.homelinux.org
> http://fcp.homelinux.org/modules/newbb/viewtopic.php?post_id=100170&topic_id=23936&forum=23#forumpost100170
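
Added example, not part of the original thread or written by either poster: the difference between appending (-A) and deleting (-D) the owner-match rule quoted above, wrapped so that a delete is attempted only when the rule exists. The function names and the IPT_CMDS variable are this example's own, and the -C (check) option it relies on needs iptables 1.4.11 or newer.

```shell
#!/bin/sh
# Per-UID egress block, applied to both address families: a rule added only
# with iptables leaves the same UID free to connect over IPv6.
# IPT_CMDS is this example's own knob, not an iptables setting.
IPT_CMDS="${IPT_CMDS:-iptables ip6tables}"

# Run one operation (-C check, -A append, -D delete) on the rule from the post.
# $1 = iptables binary, $2 = operation, $3 = numeric UID
uid_rule() {
    "$1" "$2" OUTPUT -m owner --uid-owner "$3" --jump DROP
}

# Append the DROP rule unless an identical one is already in OUTPUT,
# so repeated runs do not stack duplicates.
block_uid() {
    for ipt in $IPT_CMDS; do
        uid_rule "$ipt" -C "$1" 2>/dev/null ||
            uid_rule "$ipt" -A "$1" || return 1
    done
}

# Delete the rule only when -C confirms it exists. Calling -D on a rule that
# was never added is what produces "Bad rule (does a matching rule exist in
# that chain?)".
unblock_uid() {
    for ipt in $IPT_CMDS; do
        if uid_rule "$ipt" -C "$1" 2>/dev/null; then
            uid_rule "$ipt" -D "$1" || return 1
        fi
    done
}

# Usage, as root:
#   block_uid 502      # UID 502 can no longer send packets (loopback included)
#   unblock_uid 502    # safe to call even if the rule is absent
```

Rules added this way live only in the running kernel tables; they have to be written to /etc/sysconfig/iptables to survive a restart of the iptables service.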