Re: User configuring iptables

On Wed, 16.06.2004 at 16:23, maynard kopano uct ac za wrote:

> Is there any way that a user can tell iptables to allow a user to specify
> additional ports to block other than the ones in the 'root' iptables
> configuration? I do not know if there are security implications in this, but all
> that iptables would have to do was to look for further disallows in the current
> user's config directory, maybe under ~/.iptables/
> If this is possible could someone please tell me how to achieve it or something
> similar.
> I am trying to run firestarter as a user level application, i.e., without
> needing the root password every time I run it.
> Maynard

That won't work and would be awful if a user could change kernel space
settings. A normal user could disconnect the whole machine from the net
if he were allowed to set netfilter rules using iptables. It is
root's task and only root's task to set such things.

Why do you want to have a normal user be allowed to modify iptables
settings? Are you just too lazy to run a "su -" to get a root login
shell? Check "man sudo" if the sudo command is more comfortable for you.


Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 16:28:22 up 1 day, 12:55, load average: 1.07, 1.28, 1.27 
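
Following the sudo suggestion in the reply above, one way to let an unprivileged user add port blocks without handing over all of iptables is a root-owned wrapper that accepts only a protocol and a port and appends a DROP rule to a dedicated chain. This is an added example, not part of the original message; the script path, the USER_BLOCK chain, the protected-port list and the sudoers line are all assumptions.

```shell
#!/bin/sh
# Hypothetical root-owned wrapper, e.g. /usr/local/sbin/user-block-port (assumed path).
# Assumed sudoers entry, edited with visudo:
#   maynard ALL=(root) NOPASSWD: /usr/local/sbin/user-block-port
# Assumed one-time root setup:
#   iptables -N USER_BLOCK; iptables -A INPUT -j USER_BLOCK

CHAIN="USER_BLOCK"      # hypothetical dedicated chain; the user never touches INPUT
PROTECTED_PORTS="22"    # constructed list: ports the user may not block

# Succeeds only for a decimal integer 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Prints the single iptables command permitted for this request, or fails.
build_rule() {
    proto="$1"; port="$2"
    case "$proto" in
        tcp|udp) ;;
        *) return 1 ;;
    esac
    valid_port "$port" || return 1
    for p in $PROTECTED_PORTS; do
        if [ "$port" -eq "$p" ]; then return 1; fi
    done
    echo "iptables -A $CHAIN -p $proto --dport $port -j DROP"
}

# Only act when called with arguments, so sourcing the file has no side effects.
if [ "$#" -gt 0 ]; then
    rule=$(build_rule "$1" "$2") || { echo "usage: $0 tcp|udp PORT" >&2; exit 2; }
    # Command line is built from validated values only: no eval, no user-supplied options.
    $rule
fi
```

Because the sudoers entry names only the wrapper, the user can add DROP rules to that one chain but cannot flush, delete or reorder root's own rules.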

