It is necessary to make a limit on the count. occupied ports, like the port itself.
For example, user test, assign port 2556, and he can run programs only on it.
Thank!
1 answer
For example, user test, assign port 2556, and he can run programs only on it.
You can, for example, make it with iptables means something like this:
iptables -A OUTPUT -m owner --uid-owner user -p tcp --dport 2556 -j ACCEPT iptables -A OUTPUT -m owner --uid-owner user -j REJECT And similarly for the INPUT chain.
This will not prevent user applications from opening other ports, but packets on them will be blocked.
Fat zer fat zer
11.1k five 21
- The problem is that I think more than 150 of these rules will not greatly affect throughput. - Anastasia Safonova
- yx problem - Fat-Zer
- @ Anastasia Safonov is unlikely to be 150, but you need to test for good. see developers.redhat.com/blog/2017/04/11/benchmarking-nftables - Ramiz
|