Comments
http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html
May help you.
Yes but my OpenVPN users do not have accounts on the machine. Their user/pw is taken from FreeRadius.
I use cip to assign them static internal IPs (10.0.8.1 - 10.0.8.30)
I just need a rule that would basically say if the IP 10.0.8.3 is trying to connect to 190.93.243.207 then it shouldn't allow it. (drop the connection or reject it or something).
Something like
I don't have OpenVPN set up to test with, but I can't see why a simple iptables rule like that would not suffice.
I think this one should work too:
iptables -I OUTPUT -o tun0 -s 10.x.x.x -p tcp --dport 80 -m string --string "Host: lowendtalk.com" --algo bm -j DROP
You can also use the PRE/POSTROUTING-chain.
PS: This will only work for unencrypted HTTP traffic. LET doesn't offer SSL, so that should be fine.
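The per-client block asked for above (source 10.0.8.3, destination 190.93.243.207), as an added example that is not part of the original thread: it validates both addresses and prints, without applying, a source/destination rule that does not depend on the traffic being unencrypted HTTP. It assumes a routed OpenVPN setup where client traffic passes through the FORWARD chain on tun0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) an iptables rule that blocks one VPN
# client IP from one destination IP. Addresses are the ones quoted in the
# thread; the FORWARD chain is an assumption about a routed OpenVPN server.

VPN_NET_PREFIX="10.0.8."   # static client range from the thread: 10.0.8.1 - 10.0.8.30

# is_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single inner dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_vpn_client ADDR -> status 0 if ADDR is inside 10.0.8.1 - 10.0.8.30
is_vpn_client() {
    is_ipv4 "$1" || return 1
    case "$1" in
        "$VPN_NET_PREFIX"*) last=${1##*.} ;;
        *) return 1 ;;
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 30 ]
}

# block_rule CLIENT DEST -> prints the rule, or fails without printing one
block_rule() {
    is_vpn_client "$1" || { echo "error: $1 is not a VPN client address" >&2; return 1; }
    is_ipv4 "$2" || { echo "error: $2 is not an IPv4 address" >&2; return 1; }
    # Packets from VPN clients are forwarded by the server, so they are matched
    # in FORWARD as they arrive on tun0. REJECT makes the client fail fast;
    # use DROP instead to discard silently.
    echo "iptables -I FORWARD -i tun0 -s $1 -d $2 -j REJECT"
}

# Constructed sample call using the addresses from the thread.
block_rule 10.0.8.3 190.93.243.207
```

Review the printed rule before running it as root, and confirm it is hit with `iptables -L FORWARD -v -n` (the packet counter should increase when the client tries to connect).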