On Wednesday 28 May 2003 17:39, Bernd wrote:
How about this!!! <snip!>
Those ideas could work. I've come up with a couple more:

The SuSE kernel (which I don't use, so I can't be sure, but...) seems to be compiled with the experimental CONFIG_IP_NF_MATCH_OWNER set, which means iptables might be able to do what's required. From the man page:

   owner
       This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no owner, and hence never match.

       --uid-owner userid
           Matches if the packet was created by a process with the given effective user id.

so for example you could do:

    iptables -A OUTPUT -m owner --uid-owner 1000 -j ACCEPT

to allow outgoing traffic created by the user with userid 1000

Well, maybe. I've never tried anything like that.

Also, maybe SOCKS can do it? I've never used a SOCKS server except as a client, but I think authentication is one of its tricks:

http://www.socks.permeo.com/AboutSOCKS/SOCKSOverview.asp

-- 
"...our desktop is falling behind stability-wise and feature wise to KDE ...when I went to Mexico in December to the facility where we launched gnome, they had all switched to KDE3."
 - Miguel de Icaza, March 2003
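
Added example (not part of the original message): a shell function that prints, rather than runs, a per-user OUTPUT rule set built around the --uid-owner match quoted from the man page above. The function name owner_rules, the loopback and ESTABLISHED,RELATED rules, the closing REJECT and the numeric-only uid check are assumptions of this example; an ACCEPT rule by itself restricts nothing while the chain policy is ACCEPT.

```shell
#!/bin/sh
# owner_rules UID...
# Print iptables commands that let only the listed numeric uids open new
# outgoing connections. Nothing is executed; review the output, then run
# it as root. (Hypothetical helper, not taken from the original message.)
owner_rules() {
    [ "$#" -gt 0 ] || { echo "usage: owner_rules UID..." >&2; return 2; }

    # Validate every argument first so a bad one yields no partial rule set
    # and nothing other than digits can end up in a generated command.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*)
                echo "owner_rules: not a numeric uid: $uid" >&2
                return 1 ;;
        esac
    done

    # Loopback stays open; local services commonly depend on it.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # Packets on connections that were already accepted. This also covers
    # replies with no owning process (the man page's ICMP ping responses),
    # which the owner match can never see.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # One ACCEPT per permitted uid, matching the packet creator's
    # effective user id in the OUTPUT chain.
    for uid in "$@"; do
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
    done

    # Everything else is refused; this rule is what makes the list above
    # an allow-list.
    echo "iptables -A OUTPUT -j REJECT"
}
```

Calling owner_rules 1000 prints four commands ending in the REJECT rule; each additional uid adds one more ACCEPT line before it.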