Mfcttrf

I am 15 years old and do not go to a Yeshiva but would like to learn Talmud. A few rabbis near me said they could teach me. How should I start

What should I consider when deciding whether to delay an exam?

Reorder a matrix, twice

Is there a way to hide HTML source code yet keeping it effective?

List of 1000 most common words across all languages

Comma Code - Automate the Boring Stuff with Python

How to deal with a Homophobic PC

Why did the Soviet Union not "grant" Inner Mongolia to Mongolia after World War Two?

What is the difference between an astronaut in the ISS and a freediver in perfect neutral buoyancy?

Symbol for function composition like a big sum

Does the Way of Shadow monk's Shadow Step feature count as a magical ability?

How can an attacker use robots.txt?

Under what circumstances would RAM locations 0 and 1 be written and/or read on the C64?

How 象【しょう】 ( ≈かたち、 すがた、ようす) and 象【ぞう】 (どうぶつ) got to be written with the same kanji?

What benefits does the Power Word Kill spell have?

Late 1970's and 6502 chip facilities for operating systems

Clear text passwords in Unix

How to clarify between imagined sensations and "real" fantasy events?

A food item only made possible by time-freezing storage?

Examples of "unsuccessful" theories with afterlives

Cut a cake into 3 equal portions with only a knife

A famous scholar sent me an unpublished draft of hers. Then she died. I think her work should be published. What should I do?

Why is a road bike faster than a city bike with the same effort? & how much faster it can be?

Difference between types of yeast

Youtube not blocked by iptables

iptables port forward forwardingFsockOpen problem with Iptables inside OpenVZ VMFirewall still blocking port 53 despite listing otherwise?iptables allow http incoming connections, state NEW, ESTABLISHEDForward http traffic to another ip address with iptablesssh connection refused with out iptables rullesTrying to make iptables stateless is causing unforeseen filteringIptables port forwarding for specific host dd-wrt/tomatoiptables outgoing default policy is accept, but some ports appear blocked

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP

This works well except somehow Youtube and other Google properties are not blocked.

I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?

For reference here is my iptables list:

$ sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination 
DROP tcp -- anywhere anywhere owner UID match ****

iptables

share|improve this question

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

1

On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP

This works well except somehow Youtube and other Google properties are not blocked.

I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?

For reference here is my iptables list:

$ sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination 
DROP tcp -- anywhere anywhere owner UID match ****

iptables

share|improve this question

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces:

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP

This works well except somehow Youtube and other Google properties are not blocked.

I'm not an expert in iptables, but I assumed the above command would drop all outgoing requests from the specified user. Is there something special about Google properties that would somehow cause them to be exempted?

For reference here is my iptables list:

$ sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination 
DROP tcp -- anywhere anywhere owner UID match ****

iptables

share|improve this question

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP

$ sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination 
DROP tcp -- anywhere anywhere owner UID match ****

share|improve this question

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

New contributor

spencerrecneps is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 8 hours ago

spencerrecnepsspencerrecneps

10833 bronze badges

1 Answer
1

active

oldest

votes

5

Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.

You can block UDP ports 80 and 443 to solve it.

share|improve this answer

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can also just remove -p tcp and thereby block everything.
  
  – Michael Hampton♦
  4 hours ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.
  
  – spencerrecneps
  2 hours ago
  

  
  
  
  

add a comment
 | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

spencerrecneps is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f985129%2fyoutube-not-blocked-by-iptables%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

5

Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.

You can block UDP ports 80 and 443 to solve it.

share|improve this answer

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can also just remove -p tcp and thereby block everything.
  
  – Michael Hampton♦
  4 hours ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.
  
  – spencerrecneps
  2 hours ago
  

  
  
  
  

add a comment
 | 

5

Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.

You can block UDP ports 80 and 443 to solve it.

share|improve this answer

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can also just remove -p tcp and thereby block everything.
  
  – Michael Hampton♦
  4 hours ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I wondered if there was something special about Chrome with Google sites. That was definitely it. I removed -p tcp and everything is now blocked.
  
  – spencerrecneps
  2 hours ago
  

  
  
  
  

add a comment
 | 

Is the user using Chrome/Chromium? Then the browser is most likely using QUIC for those sites, and that protocol uses UDP as the transport.

You can block UDP ports 80 and 443 to solve it.

share|improve this answer

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge

New contributor

Eduardo Trápani is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 7 hours ago

Eduardo TrápaniEduardo Trápani

6611 bronze badge