#!/bin/sh

# Copyright: 2012-2017 gregor herrmann <gregoa@debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.


# needs ip_tables and ip6_tables loaded
# NOTE: this has no effect with pbuilder's default USENETWORK=no

apt-get install -y iptables

dmesg --clear

# GID must match the one defined by BUILDUSERID into pbuilderrc file
iptables  -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
iptables  -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable  || true
ip6tables -A OUTPUT ! -s ::1         ! -d ::1         -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
ip6tables -A OUTPUT ! -s ::1         ! -d ::1         -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
