Firstly, to explain my current setup, I have a home server with two interfaces, eth0 (public interface) and eth1 (private interface). eth1 is used for my internal network and backups.
I would like to block *all* users from doing anything on eth1, and only allow certain system users, such as root, cPanel, etc.
What would be the best / recommended way to achieve this?
Moderated Message:
Okay I've semi-worked out how to do this; I have added the following to the csfpre.sh file:
iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j DROP
However, we have rules in the csf.allow file that allow access to certain ports on the eth1 subnet, which seem to be taking precedence over the OUTPUT chain.
Is there a way to re-order it so csfpre.sh is loaded / followed *before* the ALLOWIN chain? Or would the only way around this be to add the rules we have in the csf.allow file into the csfpre.sh file?