1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
#!/bin/sh
# Copyright: 2012-2017 gregor herrmann <gregoa@debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
# needs ip_tables and ip6_tables loaded
# NOTE: this has no effect with pbuilder's default USENETWORK=no
apt-get install -y iptables
dmesg --clear
# GID must match the one defined by BUILDUSERID into pbuilderrc file
iptables -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
iptables -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
|
