Is it possible to block specific outbound hostnames for SSH SOCKS users?

Question

Is it possible to block connections to specific hostnames for users accessing the web via an SSH SOCKS proxy?

Answer 1

iptables has the owner module which allows you to specify rules by the uid/gid. I guess that should work for you. So, something like this should work:

iptables -A OUTPUT -p tcp -d some.host.name -m owner --uid someuser -j DROP