I have a bunch of configuration in ufw that I want to avoid porting to iptables (unless there is an easy way to export from ufw and import into iptables), the simplicity of ufw being the reason.

Now I want to block outgoing network access for a user on the system using the method from "How to disable internet for a user on a system".

But the problem is that if I have ufw enabled, it ignores iptables rules.

How do I ask ufw to follow iptables rules as well, or maybe implement that user block in ufw?

NRJ
  • Interesting question! There's a closely related question, with a comprehensive answer, over at serverfault: https://serverfault.com/questions/198398/ubuntu-how-to-add-an-iptables-rule-that-ufw-cant-create – aplaice Jan 21 '19 at 01:08

1 Answer

Following @aplaice's comment, I added the following line to /etc/ufw/after.rules:

-A ufw-after-output -m owner --uid-owner idea -j REJECT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

You have to add it for the chain ufw-after-output and before COMMIT.

Restart the ufw service after that.

NRJ
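
The edit described in the answer above, as an added example that is not part of the original post: a shell function that inserts the per-user REJECT rule before the COMMIT of the *filter table and does not duplicate it on reruns. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently insert the
# answer's per-user REJECT rule before the COMMIT that closes *filter.

# add_user_block RULES_FILE USERNAME  (hypothetical helper name)
add_user_block() {
    rules_file=$1
    user=$2
    rule="-A ufw-after-output -m owner --uid-owner $user -j REJECT"

    # Refuse names that could smuggle extra iptables arguments into the rule.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 1 ;;
    esac

    # Rule already present as a whole line: nothing to do.
    if grep -qxF -e "$rule" "$rules_file"; then
        return 0
    fi

    tmp=$(mktemp) || return 1
    # Print the rule just before the COMMIT of the *filter table only;
    # exit non-zero if that table or its COMMIT is missing.
    if awk -v rule="$rule" '
        $0 == "*filter"             { in_filter = 1 }
        in_filter && $0 == "COMMIT" { print rule; in_filter = 0; found = 1 }
                                    { print }
        END                         { exit !found }
    ' "$rules_file" > "$tmp"; then
        cat "$tmp" > "$rules_file"   # overwrite in place, keeping owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "no *filter ... COMMIT block in $rules_file" >&2
        return 1
    fi
}

# Constructed sample resembling a minimal after.rules, for trying the function.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
EOF
}
```

On a real host the target file is /etc/ufw/after.rules (root required), followed by the ufw restart the answer mentions. IPv6 traffic is filtered separately through /etc/ufw/after6.rules and the ufw6-after-output chain, which this rule does not cover.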