Hi everyone,

For a very special use case of mine, I need to allow users to connect over SSH to my server to setup a SOCKS proxy:

ssh -D localhost:1080 -N my.server.domain.tld

However, I only want them to be able to reach 127.0.0.1 through this proxy (so, my server itself).

Is that even possible ?

  • z3bra
    OPEnglish
    51 year ago

    That’s awesome, I didn’t know you could filter by user ID ! I just tried and it works perfectly. I use the following:

    block out proto { tcp udp } from self to port != domain user otl

    This effectively blocks all outgoing connections for the given user (except DNS, as I want to allow forwarding DNS over SOCKS). Thanks a lot for the quick guidance !

    • Oliver LoweEnglish
      11 year ago

      No worries! I assume you’re the same z3bra who posted on /r/unixporn? If so answering your question quickly is the least I could do; your posts got me back into Linux/Unix for fun during university (studying medical science) in 2014. That got me a job in IT straight out of uni then into software dev. It’s been a wild ride the past 9 years living in both Australia and the Netherlands. So big, big thanks to you!

      • z3bra
        OPEnglish
        31 year ago

        Yeah that’s me, though that was a very long time ago haha. That’s an awesome story, I could never guess simple posts like mines could be that much inspirational ^^ Thanks for sharing !