Firewall rules are applied in order. So you need to add a rule *before* your blocking rule that says:
iptables -A OUTPUT -d 127.0.0.0/24 -j ACCEPT
This will allow all localhost traffic, regardless of the owner.
Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting
Eilert wrote:
> My rule is
>
> iptables -A OUTPUT -d ! 192.168.10.0/24 -m owner --uid-owner <owner-id> -j DROP
>
> That is, just "drop everything that goes beyond our internal network". My guess would be that a reference to localhost is missing - after all, this is LTSP, and (almost) everything is about that single machine.
>
> Unfortunately, I don't see a chance to define kinda "OR" rule:
>
> IF (localhost) OR (192.168.10.0/24) THEN let it pass
>
> or
>
> IF NOT (localhost) OR (192.168.10.0/24) THEN drop
>
> Rolf
------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
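Added example, not part of the original messages: a small Python model of first-match evaluation in the OUTPUT chain, showing how rule order gives the "OR" asked about and why the localhost ACCEPT has to sit ahead of the owner-based DROP. The uid 1001 (standing in for `<owner-id>`), the sample addresses and the ACCEPT default policy are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                 # "ACCEPT" or "DROP"
    dst: str                    # destination network in CIDR form
    negate_dst: bool = False    # models "-d ! <net>"
    uid: Optional[int] = None   # models "-m owner --uid-owner <uid>"; None = any owner

    def matches(self, dst_ip: str, uid: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        if in_net == self.negate_dst:   # destination test fails
            return False
        return self.uid is None or self.uid == uid

def verdict(chain, dst_ip, uid, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if rule.matches(dst_ip, uid):
            return rule.target
    return policy   # assumed default policy of the OUTPUT chain

RESTRICTED_UID = 1001   # constructed placeholder for <owner-id>

accept_local = Rule("ACCEPT", "127.0.0.0/24")
drop_external = Rule("DROP", "192.168.10.0/24", negate_dst=True, uid=RESTRICTED_UID)

original_chain = [drop_external]                # only the blocking rule
fixed_chain = [accept_local, drop_external]     # ACCEPT placed before the DROP
appended_late = [drop_external, accept_local]   # ACCEPT appended after the DROP

# Constructed sample packets: (destination address, uid of the sending process)
CASES = [("127.0.0.1", RESTRICTED_UID), ("192.168.10.5", RESTRICTED_UID),
         ("203.0.113.9", RESTRICTED_UID), ("203.0.113.9", 0)]

def table(chain):
    return {case: verdict(chain, *case) for case in CASES}

if __name__ == "__main__":
    for name, chain in [("original", original_chain), ("fixed", fixed_chain),
                        ("appended late", appended_late)]:
        print(name)
        for (dst, uid), result in table(chain).items():
            print(f"  dst={dst:<13} uid={uid:<5} -> {result}")
```

Because `-A` appends to the end of the chain, running the ACCEPT command after the DROP is already loaded gives the `appended_late` ordering, where localhost traffic from the restricted user is still dropped.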