ubuntu – How to disable the Internet for a user

Question:

How can I disable the network for a user on Ubuntu 14.04/16.04?
(The user is not an administrator.)

Answer:

The command to disable the Internet was found on askubuntu:

sudo iptables -A OUTPUT -p all -m owner --uid-owner <user-name> -j DROP

This command drops all packets coming from the user.

Now we need to make this change permanent. In the answer on askubuntu, they suggest creating a script in the /etc/network/if-up.d/ directory that calls the command above:

cd /etc/network/if-up.d/
gksudo gedit block_user
sudo chmod +x block_user

For some reason it didn't work for me :( After rebooting, sudo iptables -L showed the table without mentioning this user.

Another way was found on ubuntu.ru. In addition to placing the script in /etc/network/if-up.d/, they suggest calling the script from /etc/network/interfaces:

gksudo gedit /etc/network/interfaces

Add this as the last line:

post-up /etc/network/if-up.d/block_user

Check after reboot:

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
DROP       all  --  anywhere             anywhere             owner UID match <user-name>

It works now.

UPD: Since gksudo is no longer recommended and is about to be deprecated, editing can be done like so (better to open another terminal for this):

sudo -i

Enter your password and then work as root. This command also moves you to /root. Next:

root:~# cd /etc/network/if-up.d/
root:~# gedit block_user &
root:~# chmod +x block_user
root:~# gedit /etc/network/interfaces
root:~# exit

Note that if you close the terminal as root or do exit, gedit will close. Therefore, this can only be done after editing is completed.
Source: askubuntu.
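
The answer never shows what goes inside block_user. One possible version follows, as an added example that is not part of the original answer. It adds the rule only when it is not already loaded and repeats it with ip6tables, because the iptables command above filters IPv4 only. BLOCKED_USER and its default name guest are assumptions of this example.

```shell
#!/bin/sh
# Added example of /etc/network/if-up.d/block_user; not the original answer's script.
# BLOCKED_USER and its default "guest" are hypothetical names for this sketch.
BLOCKED_USER="${BLOCKED_USER:-guest}"

# Rule arguments matching the answer's command, for one numeric UID.
rule_spec() {
    printf '%s' "OUTPUT -p all -m owner --uid-owner $1 -j DROP"
}

# Append the rule with the given tool (iptables or ip6tables) only if an
# identical rule is not already loaded. Hook scripts run once per interface,
# so a plain -A would stack duplicate rules.
ensure_rule() {
    tool=$1
    spec=$(rule_spec "$2")
    # $spec is left unquoted on purpose so it splits into separate arguments.
    if "$tool" -C $spec 2>/dev/null; then
        return 0
    fi
    "$tool" -A $spec
}

block_user() {
    # Resolving the name first makes a mistyped account fail loudly.
    uid=$(id -u "$1" 2>/dev/null) || { echo "no such user: $1" >&2; return 1; }
    ensure_rule iptables "$uid" || return 1
    # iptables filters IPv4 only; repeat the rule for IPv6 when available.
    if command -v ip6tables >/dev/null 2>&1; then
        ensure_rule ip6tables "$uid" || return 1
    fi
}

# ifupdown exports IFACE to hook scripts; do nothing when run outside of it.
if [ -n "${IFACE:-}" ]; then
    block_user "$BLOCKED_USER"
fi
```

After a reboot, sudo ip6tables -L OUTPUT should list the same DROP rule as sudo iptables -L does.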
