
Re: How to enable LDAP ports in iptables for OpenLDAP client node

On 13/08/2012 15:25, Qian Zhang wrote:
> > Allow connections to localhost for uid0 then block to anything else
> 
> Can you please let me know the logic behind this? Basically, I want to
> block any non-root user from accessing the network.
> 
> Thanks,
> Qian

Sorry, I misread.

The issue is that some services/daemons don't run as root but as normal system accounts, and by blocking access to all non-root users you effectively block these services from working. Further, a lot of local services/daemons use 127.0.0.1/localhost to connect to, and there isn't any benefit in blocking access to localhost.

My suggestion is to rather look at ensuring users are all in a certain group, and then use iptables to block that group from accessing the network outside of localhost.

--
Thank you,

Mark Adrian Coetser
mark@pkfnet.co.za

We all live in a state of ambitious poverty.
		-- Decimus Junius Juvenalis
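The group-based restriction Mark suggests, written out as an added example that is not part of this thread: a script that generates (and, on request, applies) the iptables OUTPUT rules that let a group reach only the loopback interface. The group name `nonet` and the interface name `lo` are assumptions; the IPv6 equivalent with `ip6tables` is left to the reader.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumed group name: nonet.
#
# Why OUTPUT: the owner match only works on locally generated packets, so it
# is only valid in the OUTPUT chain. --gid-owner matches the effective GID of
# the process that opened the socket, i.e. the users' primary group; daemons
# running under their own service accounts (and root) are not affected, and
# loopback traffic is accepted first so local services keep working.
# REJECT rather than DROP so the user's program fails immediately instead of
# hanging on a timeout.

gen_rules() {
    grp="$1"
    lo="${2:-lo}"
    cat <<EOF
iptables -A OUTPUT -o $lo -j ACCEPT
iptables -A OUTPUT -m owner --gid-owner $grp -j REJECT
EOF
}

apply_rules() {
    # Must run as root; each generated line is executed as a command.
    gen_rules "$@" | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

# Dry run by default (prints the rules); "apply" as the first argument
# installs them: ./restrict-group.sh apply nonet lo
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-nonet}" "${3:-lo}"
else
    gen_rules "${1:-nonet}" "${2:-lo}"
fi
```

Check the result afterwards with `iptables -L OUTPUT -v -n` and, as a member of the group, confirm that a connection to an external host is refused while one to 127.0.0.1 succeeds.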