Hello,

Sthu Deus wrote:
> What's wrong w/ my set up (I want to allow output traffic for the users
> that are in the allowed group only):
>
> iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
>
> but what I get is that all the users including those in the allowed
> group are blocked.

--gid-owner does not match /any/ group the user sending the packet belongs to; it matches the group id of the process sending the packet. Unless you change it e.g. with newgrp, the current group id is the user's default group id.
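The distinction made in the reply above can be checked from `/proc/<pid>/status`. The following is an added example, not part of the original thread: it predicts the verdict of the quoted rule for a process. The function names, the numeric GIDs (100 for the default group, 1001 for `allowed`) and the two status samples are constructed, and it assumes the effective GID on the `Gid:` line is the "current group id" the reply refers to.

```shell
#!/bin/sh
# Added example: predict the verdict of the rule from the thread
#   iptables -I OUTPUT 1 -m owner ! --gid-owner <gid> -j DROP
# from the text of /proc/<pid>/status. Live use (group name from the thread):
#   verdict "$(cat /proc/$$/status)" "$(getent group allowed | cut -d: -f3)"

# current_gid STATUS_TEXT -> effective GID (second value on the "Gid:" line,
# which lists real, effective, saved and filesystem GIDs). Assumption: this
# is the "current group id" the owner match compares against.
current_gid() {
    printf '%s\n' "$1" | awk '$1 == "Gid:" { print $3; exit }'
}

# in_suppl_groups STATUS_TEXT GID -> exit 0 if GID is on the "Groups:" line
in_suppl_groups() {
    printf '%s\n' "$1" | awk -v g="$2" '
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == g) found = 1 }
        END { exit !found }'
}

# verdict STATUS_TEXT ALLOWED_GID -> one line: verdict and the reason for it
verdict() {
    cur=$(current_gid "$1")
    if [ "$cur" = "$2" ]; then
        echo "ACCEPT: current gid is $2"
    elif in_suppl_groups "$1" "$2"; then
        echo "DROP: gid $2 is only supplementary, current gid is $cur"
    else
        echo "DROP: gid $2 not held, current gid is $cur"
    fi
}

# Constructed sample: login shell of a user whose default group is 100 and
# who also belongs to group 1001 ("allowed").
LOGIN_SHELL='Name: bash
Uid: 1000 1000 1000 1000
Gid: 100 100 100 100
Groups: 100 1001'

# Constructed sample: the same user after running "newgrp allowed".
AFTER_NEWGRP='Name: bash
Uid: 1000 1000 1000 1000
Gid: 1001 1001 1001 1001
Groups: 100 1001'

verdict "$LOGIN_SHELL" 1001
verdict "$AFTER_NEWGRP" 1001
```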

