iptable

vucni

New Member
hi,
i like to understand the following.
iptables -A OUTPUT -d 192.168.30.0/24 -o eth0 -m owner --gid-owner test -j ACCEPT

Does this mean that only users who belong to gid test and reside on a server in 192.168.30.0 can have access to this server (where the iptables rule exists) using the TCP protocol? Can the user connect through SSH to this server?
thank you
 


JulienCC

Active Member
i like to understand the following.
iptables -A OUTPUT -d 192.168.30.0/24 -o eth0 -m owner --gid-owner test -j ACCEPT
https://linux.die.net/man/8/iptables if you read parameter by parameter using the manual page you can figure out what's happening.

Code:
-A OUTPUT
Means we add this rule for outgoing traffic.

Code:
-d 192.168.30.0/24
Means the rule only applies for destinations that are in the 192.168.30.0 subnet, so all addresses from 192.168.30.1 to 192.168.30.254

Code:
-o eth0
Means the rule only applies to traffic going out through eth0 interface

Code:
-m owner --gid-owner test
Means we are using the module "owner", and its gid-owner option. The rule will only apply to processes that have the "test" group gid. So it applies to users of group "test" if they start their program with the "test" group (a program can be started with any gid that the user belongs to).

Code:
-j ACCEPT
Means that traffic matching this rule will be accepted.

Does this mean that only users who belong to gid test and reside on a server in 192.168.30.0 can have access to this server (where the iptables rule exists) using the TCP protocol? Can the user connect through SSH to this server?
thank you
No. It means that users on the server belonging to group "test" are explicitly allowed to send data through eth0 to the 192.168.30.0/24 subnet.
What it actually does depends on the default action configured in your iptables.

But this is not the right way to allow a specific group of people to SSH into your server. SSH servers are run as root or a specific ssh user.
 
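To make the "depends on the default policy" point concrete, here is an added example (not from either poster) that models how the OUTPUT chain evaluates a locally generated packet against this one rule under an ACCEPT and a DROP chain policy. It is a simplified model, not iptables itself, and it assumes the "test" group has gid 1001 (a constructed value).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Simplified model of OUTPUT-chain evaluation (constructed for illustration).
# Only locally generated packets traverse OUTPUT; an inbound SSH connection
# goes through INPUT and is never seen by this rule.

@dataclass
class Packet:
    dst: str        # destination IP address
    out_iface: str  # interface the packet leaves on (-o)
    gid: int        # effective gid of the sending process (--gid-owner)

@dataclass
class Rule:
    target: str                        # ACCEPT or DROP
    dst_net: Optional[str] = None      # -d CIDR
    out_iface: Optional[str] = None    # -o interface
    gid_owner: Optional[int] = None    # -m owner --gid-owner

    def matches(self, pkt: Packet) -> bool:
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.out_iface and pkt.out_iface != self.out_iface:
            return False
        if self.gid_owner is not None and pkt.gid != self.gid_owner:
            return False
        return True

def output_verdict(rules: List[Rule], policy: str, pkt: Packet) -> str:
    """First matching rule decides; if nothing matches, the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

TEST_GID = 1001  # assumed gid of group "test" (constructed)
# The rule from the question: -A OUTPUT -d 192.168.30.0/24 -o eth0 -m owner --gid-owner test -j ACCEPT
RULES = [Rule("ACCEPT", dst_net="192.168.30.0/24", out_iface="eth0", gid_owner=TEST_GID)]

def demo() -> dict:
    member = Packet("192.168.30.10", "eth0", TEST_GID)
    other = Packet("192.168.30.10", "eth0", 1002)
    return {
        "ACCEPT policy, member": output_verdict(RULES, "ACCEPT", member),      # ACCEPT
        "ACCEPT policy, non-member": output_verdict(RULES, "ACCEPT", other),  # ACCEPT (rule is a no-op)
        "DROP policy, member": output_verdict(RULES, "DROP", member),          # ACCEPT
        "DROP policy, non-member": output_verdict(RULES, "DROP", other),      # DROP
    }
```

With the default OUTPUT policy ACCEPT the rule changes nothing; only with a DROP policy does it restrict outbound access to that subnet to processes running with the "test" gid.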

