#!/bin/bash

# deny new outgoing tcp connections
# remember to chmod u+s /usr/bin/ssh for this to work with ssh

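source /usr/local/share/dynfw.sh

# Usage: $0 UID {on|off}
# Inserts (on) or deletes (off) an OUTPUT rule that rejects new TCP
# connections owned by UID, and keeps the dynfw "user-outblock" record in
# step with the rule. Helpers args/rec_check/record/unrecord come from dynfw.sh.
args 2 $# "${0} UID {on/off}" "Reject all new outgoing TCP connections made by user UID"

uid=$1
mode=$2

# Validate the subject before it reaches iptables. The value is passed as a
# single quoted argument below, but an empty, option-like ("-x") or otherwise
# malformed value must still be refused rather than handed to the firewall.
# Numeric UIDs and conventional user names are both accepted, as --uid-owner
# takes either form.
if ! [[ "$uid" =~ ^([0-9]+|[A-Za-z_][A-Za-z0-9_.-]*)$ ]]; then
	echo "Error: invalid UID \"${uid}\"" >&2
	exit 1
fi

case "$mode" in
	on)
		rec_check user-outblock "$uid" "$uid already blocked" on
		action="-I"
		;;
	off)
		rec_check user-outblock "$uid" "$uid not currently blocked" off
		action="-D"
		;;
	*)
		# Diagnostics go to stderr so callers can separate them from output.
		echo "Error: \"off\" or \"on\" expected as second argument" >&2
		exit 1
		;;
esac

# Apply the rule first and only touch the state record once iptables has
# succeeded; otherwise a failed iptables call would leave the record claiming
# a block that is not actually installed (or one that is still in place).
rule=(OUTPUT -p tcp -m owner --uid-owner "$uid" -m state --state NEW -j REJECT --reject-with tcp-reset)
if ! iptables "$action" "${rule[@]}"; then
	echo "Error: iptables failed to apply the rule for UID ${uid}" >&2
	exit 1
fi

if [ "$mode" = "on" ]; then
	record user-outblock "$uid"
else
	unrecord user-outblock "$uid"
fi
echo "UID ${uid} block ${mode}."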
