On Mon 14 May 2018 at 08:01:05 (-0500), Richard Owlett wrote: > Only 1 of the four machines within arm's reach are physically > capable of connecting to the internet. Is there a way to block > internet access for members of one group - similar to how "dialout" > might have been used when connectivity was a 56k modem?
AFAIK group dialout gives you access to the serial ports with their modems, and dip gives you access to ppp's configuration files. These enable you to configure and instigate connections, but that never had any effect on users, who can all use the IP link once it's up. To block a group, I think you'd have to use a packet filter to drop their outgoing packets. Take a look at http://ipset.netfilter.org/iptables-extensions.man.html under the heading "owner". OTOH it's easy to voluntarily block some browsers from being able to make non-local connections, eg: lynx -localhost Cheers, David.
