Web lists-archives.com

Re: Running GParted and Synaptic without entering password




On 05/14/2018 07:40 PM, David Wright wrote:
On Mon 14 May 2018 at 08:01:05 (-0500), Richard Owlett wrote:

Only 1 of the four machines within arm's reach are physically
capable of connecting to the internet. Is there a way to block
internet access for members of one group - similar to how "dialout"
might have been used when connectivity was a 56k modem?

AFAIK group dialout gives you access to the serial ports with their
modems, and dip gives you access to ppp's configuration files. These
enable you to configure and instigate connections,

Was there a companion tool do a forced disconnect?
I use a USB connected T-Mobile hotspot with WiFi disabled.
It currently appears to the system as /dev/sdb .
Is there a way to enable/disable access to that device?

but that never
had any effect on users, who can all use the IP link once it's up.

To block a group, I think you'd have to use a packet filter to
drop their outgoing packets. Take a look at
http://ipset.netfilter.org/iptables-extensions.man.html
under the heading "owner".

That gives just enough information to tantalize ;[
What should I search for to see a sample use.
My only iptable knowledge is that they exist.


OTOH it's easy to voluntarily block some browsers from being able
to make non-local connections, eg:   lynx -localhost

I've not seen anything useful in that vein with SeaMonkey.
It defaults to giving web access with an option to later view only local files.


Cheers,
David.