Youtube not blocked by iptablesiptables port forward forwardingFsockOpen problem with Iptables inside OpenVZ VMFirewall still blocking port 53 despite listing otherwise?iptables allow http incoming connections, state NEW, ESTABLISHEDForward http traffic to another ip address with iptablesssh connection refused with out iptables rullesTrying to make iptables stateless is causing unforeseen filteringIptables port forwarding for specific host dd-wrt/tomatoiptables outgoing default policy is accept, but some ports appear blocked

I am 15 years old and do not go to a Yeshiva but would like to learn Talmud. A few rabbis near me said they could teach me. How should I start

What should I consider when deciding whether to delay an exam?

Reorder a matrix, twice

Is there a way to hide HTML source code yet keeping it effective?

List of 1000 most common words across all languages

Comma Code - Automate the Boring Stuff with Python

How to deal with a Homophobic PC

Why did the Soviet Union not "grant" Inner Mongolia to Mongolia after World War Two?

What is the difference between an astronaut in the ISS and a freediver in perfect neutral buoyancy?

Symbol for function composition like a big sum

Does the Way of Shadow monk's Shadow Step feature count as a magical ability?

How can an attacker use robots.txt?

Under what circumstances would RAM locations 0 and 1 be written and/or read on the C64?

How 象【しょう】 ( ≈かたち、 すがた、ようす) and 象【ぞう】 (どうぶつ) got to be written with the same kanji?

What benefits does the Power Word Kill spell have?

Late 1970's and 6502 chip facilities for operating systems

Clear text passwords in Unix

How to clarify between imagined sensations and "real" fantasy events?

A food item only made possible by time-freezing storage?

Examples of "unsuccessful" theories with afterlives

Cut a cake into 3 equal portions with only a knife

A famous scholar sent me an unpublished draft of hers. Then she died. I think her work should be published. What should I do?

Why is a road bike faster than a city bike with the same effort? & how much faster it can be?

Difference between types of yeast



Youtube not blocked by iptables


iptables port forward forwardingFsockOpen problem with Iptables inside OpenVZ VMFirewall still blocking port 53 despite listing otherwise?iptables allow http incoming connections, state NEW, ESTABLISHEDForward http traffic to another ip address with iptablesssh connection refused with out iptables rullesTrying to make iptables stateless is causing unforeseen filteringIptables port forwarding for specific host dd-wrt/tomatoiptables outgoing default policy is accept, but some ports appear blocked






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:



pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP


This works well except somehow Youtube and other Google properties are not blocked.



I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?



For reference here is my iptables list:



$ sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere owner UID match ****









share|improve this question







New contributor



spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



























    1















    On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:



    pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP


    This works well except somehow Youtube and other Google properties are not blocked.



    I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?



    For reference here is my iptables list:



    $ sudo iptables --list

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    DROP tcp -- anywhere anywhere owner UID match ****









    share|improve this question







    New contributor



    spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      1












      1








      1








      On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:



      pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP


      This works well except somehow Youtube and other Google properties are not blocked.



      I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?



      For reference here is my iptables list:



      $ sudo iptables --list

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      DROP tcp -- anywhere anywhere owner UID match ****









      share|improve this question







      New contributor



      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:



      pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP


      This works well except somehow Youtube and other Google properties are not blocked.



      I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?



      For reference here is my iptables list:



      $ sudo iptables --list

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      DROP tcp -- anywhere anywhere owner UID match ****






      iptables






      share|improve this question







      New contributor



      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share|improve this question







      New contributor



      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share|improve this question




      share|improve this question






      New contributor



      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      asked 8 hours ago









      spencerrecnepsspencerrecneps

      1083 bronze badges




      1083 bronze badges




      New contributor



      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




      New contributor




      spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.

























          1 Answer
          1






          active

          oldest

          votes


















          5
















          Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.



          You can block UDP ports 80 and 443 to solve it.






          share|improve this answer








          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • You can also just remove -p tcp and thereby block everything.

            – Michael Hampton
            4 hours ago












          • I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

            – spencerrecneps
            2 hours ago













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );







          spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f985129%2fyoutube-not-blocked-by-iptables%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          5
















          Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.



          You can block UDP ports 80 and 443 to solve it.






          share|improve this answer








          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • You can also just remove -p tcp and thereby block everything.

            – Michael Hampton
            4 hours ago












          • I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

            – spencerrecneps
            2 hours ago















          5
















          Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.



          You can block UDP ports 80 and 443 to solve it.






          share|improve this answer








          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • You can also just remove -p tcp and thereby block everything.

            – Michael Hampton
            4 hours ago












          • I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

            – spencerrecneps
            2 hours ago













          5














          5










          5









          Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.



          You can block UDP ports 80 and 443 to solve it.






          share|improve this answer








          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.



          You can block UDP ports 80 and 443 to solve it.







          share|improve this answer








          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.








          share|improve this answer



          share|improve this answer






          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.








          answered 7 hours ago









          Eduardo TrápaniEduardo Trápani

          661 bronze badge




          661 bronze badge




          New contributor



          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




          New contributor




          Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.

















          • You can also just remove -p tcp and thereby block everything.

            – Michael Hampton
            4 hours ago












          • I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

            – spencerrecneps
            2 hours ago

















          • You can also just remove -p tcp and thereby block everything.

            – Michael Hampton
            4 hours ago












          • I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

            – spencerrecneps
            2 hours ago
















          You can also just remove -p tcp and thereby block everything.

          – Michael Hampton
          4 hours ago






          You can also just remove -p tcp and thereby block everything.

          – Michael Hampton
          4 hours ago














          I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

          – spencerrecneps
          2 hours ago





          I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.

          – spencerrecneps
          2 hours ago











          spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded

















          spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.












          spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.











          spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.














          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f985129%2fyoutube-not-blocked-by-iptables%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

          Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

          Ласкавець круглолистий Зміст Опис | Поширення | Галерея | Примітки | Посилання | Навігаційне меню58171138361-22960890446Bupleurum rotundifoliumEuro+Med PlantbasePlants of the World Online — Kew ScienceGermplasm Resources Information Network (GRIN)Ласкавецькн. VI : Літери Ком — Левиправивши або дописавши її