You cannot block a single user, but you can block an IP address from going outside.
iptables -A FORWARD -s 192.168.0.X ! -d 192.168.0.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT
would block www access of IP 192.168.0.X via the router, except for local traffic. At least that's what I think. There are a lot of iptables howtos on the web.
Entering this line is not persistent; it goes away upon reboot (so if you kill all network access, simply reboot). To make it permanent, add the line to /etc/rc.local.
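
Added example, not part of the original post: a small script that /etc/rc.local could call to install a port-80 REJECT rule like the one above without duplicating it when the script runs more than once. It assumes the router forwards LAN traffic (so the rule sits in the FORWARD chain) and that the LAN is 192.168.0.0/24; the function names and the IPT override are hypothetical.

```shell
#!/bin/sh
# Idempotent per-host web block for a LAN router (added example).
LAN_NET="192.168.0.0/24"     # assumption: LAN subnet used in the post
IPT="${IPT:-iptables}"       # hypothetical override, e.g. IPT=echo for a dry run

# Return 0 only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Print the rule specification (everything after the chain name) for host $1.
rule_spec() {
    printf '%s' "-s $1 ! -d $LAN_NET -p tcp --dport 80 -j REJECT"
}

# Install the rule for host $1 unless an identical rule is already present.
block_web() {
    host=$1
    valid_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 2; }
    # iptables -C exits 0 when a matching rule already exists in the chain.
    if $IPT -C FORWARD $(rule_spec "$host") 2>/dev/null; then
        return 0
    fi
    $IPT -A FORWARD $(rule_spec "$host")
}

# Run only when a host address is passed on the command line.
if [ "$#" -gt 0 ]; then
    block_web "$1"
fi
```

Calling the script with the host address as its only argument from /etc/rc.local re-creates the rule at boot; running it again by hand leaves a single copy in the chain.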