Youtube not blocked by iptables
On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:
pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP
This works well except somehow YouTube and other Google properties are not blocked.
I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?
For reference here is my iptables list:
$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere owner UID match ****
iptables
asked 8 hours ago
spencerrecneps
1 Answer
Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.
You can block UDP ports 80 and 443 to solve it.
answered 7 hours ago
Eduardo Trápani
You can also just remove -p tcp and thereby block everything.
– Michael Hampton♦
4 hours ago
I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.
– spencerrecneps
2 hours ago
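Why the original rule let QUIC traffic through, as an added example that is not part of the original question or answers: a small first-match evaluator for `iptables -S OUTPUT`-style lines, run against three rule sets. The rule sets and the helper names `verdict` and `check` are constructed for illustration; UID 1001 is the one from the question.

```shell
#!/bin/sh
# Added example: a small first-match evaluator for `iptables -S OUTPUT` lines.
# Handles only -p, --uid-owner, --dport/--dports (comma lists) and -j DROP/ACCEPT;
# negation ("!") and port ranges are not parsed.

# verdict UID PROTO DPORT  (rules on stdin)  -> prints DROP or ACCEPT
verdict() {
    awk -v uid="$1" -v proto="$2" -v dport="$3" '
    $1 == "-A" && $2 == "OUTPUT" {
        r_uid = ""; r_proto = ""; r_ports = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--uid-owner") r_uid = $(i + 1)
            else if ($i == "-p") r_proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") r_ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (r_uid != "" && r_uid != uid) next        # rule is for another user
        if (r_proto != "" && r_proto != proto) next  # -p restricts the protocol
        if (r_ports != "" && index("," r_ports ",", "," dport ",") == 0) next
        if (target == "DROP" || target == "ACCEPT") { print target; found = 1; exit }
    }
    END { if (!found) print "ACCEPT" }  # OUTPUT policy in the question is ACCEPT
    '
}

# Constructed rule sets (UID 1001 as in the question).
RULES_ORIGINAL='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP'
RULES_UDP_PORTS='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP
-A OUTPUT -p udp -m owner --uid-owner 1001 -m multiport --dports 80,443 -j DROP'
RULES_NO_PROTO='-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 1001 -j DROP'

# check RULES PROTO DPORT -> verdict for UID 1001
check() { printf '%s\n' "$1" | verdict 1001 "$2" "$3"; }

for name in ORIGINAL UDP_PORTS NO_PROTO; do
    eval "rules=\$RULES_$name"
    for probe in "tcp 443" "udp 443" "udp 53"; do
        printf '%-10s %-8s %s\n' "$name" "$probe" "$(check "$rules" $probe)"
    done
done
```

Blocking only UDP 80 and 443 stops QUIC but still lets the user's other UDP traffic (such as DNS on port 53) leave, while dropping `-p tcp` covers every protocol. iptables filters IPv4 only, so a host with IPv6 connectivity needs the equivalent rule in ip6tables.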