I have several sudo users on an Ubuntu 16 PC. ufw is disabled on this PC now. I need to switch ufw on for sudouser1. I need to make the following config:
1) allow all and any incoming and outgoing connections only from subnet (for example 123.44..) but for all ports and protocols
2a) allow outgoing all and any connections only to specified IP outside subnet
OR
2b) deny ANY connections with specified IP
I tried it, but it seems I am an absolute dummy. Is it possible at all?
UPDATE:
I need it not for security reasons, as (thanks to Charles Green) a sudo user may just switch off UFW. I need it for a bunch of programs which run on this PC. If it is impossible to do for one user, OK, I am ready to do so for all.
UPDATE2:
After my experiments I have:
CMT:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       Anywhere
Anywhere                   DENY        21.110.11.57
21.110.11.57               DENY        Anywhere
Anywhere                   DENY        21.110.0.0/16
21.110.0.0/16              DENY        Anywhere
Anywhere (v6)              ALLOW       Anywhere (v6)

But the command: netstat -nputw
output:
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 1.1.1.1:1234            21.110.11.57            ESTABLISHED
What is wrong?
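
ufw evaluates rules in the order listed and the first match wins, so the position of each row in a status table like the one above matters. The following Python sketch is an added example, not part of the original post: it parses the rule rows (copied from the post as constructed sample input, address-only rules assumed) and reports every rule that an earlier, broader rule already matches. All function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the rule rows from the `ufw status` output in the post.
STATUS = """\
Anywhere ALLOW Anywhere
Anywhere DENY 21.110.11.57
21.110.11.57 DENY Anywhere
Anywhere DENY 21.110.0.0/16
21.110.0.0/16 DENY Anywhere
Anywhere (v6) ALLOW Anywhere (v6)
"""

# "<To> <ACTION> [direction] <From>"; assumes address-only rules (no ports).
ROW = re.compile(r"^(.+?)\s+(ALLOW|DENY|REJECT|LIMIT)(?:\s+(?:IN|OUT|FWD))?\s+(.+)$")
ANY = {"Anywhere": "0.0.0.0/0", "Anywhere (v6)": "::/0"}


def to_net(field):
    """Map a To/From column to an ip_network ('Anywhere' = whole family)."""
    return ipaddress.ip_network(ANY.get(field, field), strict=False)


def parse(status):
    """Return [(to_net, action, from_net)] in the order ufw lists them."""
    rules = []
    for line in status.splitlines():
        m = ROW.match(line.strip())
        if m:
            rules.append((to_net(m.group(1)), m.group(2), to_net(m.group(3))))
    return rules


def covers(outer, inner):
    """True if every address in `inner` is also in `outer`."""
    return outer.version == inner.version and inner.subnet_of(outer)


def shadowed(rules):
    """Rules that can never match: (rule_no, shadowing_rule_no, action, earlier_action)."""
    hits = []
    for i, (to, action, src) in enumerate(rules):
        for j, (e_to, e_action, e_src) in enumerate(rules[:i]):
            if covers(e_to, to) and covers(e_src, src):
                hits.append((i + 1, j + 1, action, e_action))
                break
    return hits


if __name__ == "__main__":
    for no, by, action, e_action in shadowed(parse(STATUS)):
        print(f"rule {no} ({action}) is never reached: rule {by} ({e_action}) matches first")
```

For the table above this reports rules 2 to 5 as unreachable behind rule 1. A narrower deny only takes effect when it sits ahead of the broader allow, which `ufw insert 1 ...` can arrange.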