On 2018-05-15, Richard Owlett <rowl...@cloud85.net> wrote:
>> To block a group, I think you'd have to use a packet filter to
>> drop their outgoing packets. Take a look at
>> http://ipset.netfilter.org/iptables-extensions.man.html
>> under the heading "owner".
>
> That gives just enough information to tantalize ;[
> What should I search for to see a sample use.
> My only iptable knowledge is that they exist.
>

Apparently you can create a group:

    sudo groupadd nonetty

Add existing user 'lydia' (and anyone else you'd like) to the group

    sudo usermod -a -G nonetty lydia

Then an iptables rule like this

    iptables -I OUTPUT 1 -m owner --gid-owner nonetty -j DROP

would prevent lydia (and others in the nonetty group) from riding the
innertubes. I believe. More well-informed minds might pipe up or chime
in at this point, who knows? (I'm looking at the link above without
instantaneous edification, BTW.)
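
Added example, not part of the original post: the owner match's --gid-owner compares against the group a process's socket was created with (normally the user's primary group), while `usermod -a -G` only adds a supplementary group, which the match covers only when --suppl-groups is given on an iptables and kernel new enough to support it. The sketch below classifies each user's membership from constructed passwd/group data and prints the rule that would actually cover that user; the users kiosk and rowan and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample data in passwd(5) and group(5) format (not from a real host).
SAMPLE_PASSWD='lydia:x:1001:1001::/home/lydia:/bin/bash
kiosk:x:1002:2000::/home/kiosk:/bin/bash
rowan:x:1003:1003::/home/rowan:/bin/bash'
SAMPLE_GROUP='lydia:x:1001:
rowan:x:1003:
nonetty:x:2000:lydia'

# membership USER GROUP -> prints "primary", "supplementary" or "none".
membership() {
    m_gid=$(printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$2" '$1 == g { print $3 }')
    m_members=$(printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$2" '$1 == g { print $4 }')
    m_pgid=$(printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }')
    if [ -n "$m_gid" ] && [ "$m_pgid" = "$m_gid" ]; then
        echo primary            # GID in the user's passwd entry: plain --gid-owner matches
    elif printf '%s' ",$m_members," | grep -qF ",$1,"; then
        echo supplementary      # listed only in the group file: needs --suppl-groups
    else
        echo none
    fi
}

# owner_rule USER GROUP -> prints the OUTPUT rule that covers USER, or nothing
# when USER is not in GROUP at all. The rule is only printed, never applied.
owner_rule() {
    case $(membership "$1" "$2") in
        primary)
            echo "iptables -I OUTPUT 1 -m owner --gid-owner $2 -j DROP" ;;
        supplementary)
            echo "iptables -I OUTPUT 1 -m owner --gid-owner $2 --suppl-groups -j DROP" ;;
    esac
}

# Report for the constructed users.
for u in lydia kiosk rowan; do
    printf '%-6s %-14s %s\n' "$u" "$(membership "$u" nonetty)" "$(owner_rule "$u" nonetty)"
done
```

On a live system, `id -gn lydia` shows the primary group and `id -Gn lydia` the full list including supplementary groups, which gives the same classification.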