Prevent a Software to Access Network

From Run Your Own
Jump to: navigation, search

For whatever reason, maybe you want to run a software, but don't want it to access your network at all. Here is how to do it:


  • Create a group specifically for this purpose:
sudo addgroup no-internet
  • Add yourself or whoever will run the software to this group:
sudo adduser $USER no-internet
sudo adduser jean-pierre no-internet
  • block traffic for the group (see Notes):
sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
sudo ip6tables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP


  • When you want to run software without allowing it to use the network, run it as the no-internet group owner:
sg no-internet -c "/path/to/software --arguments"


  • The iptable commands in Setup are not permanent, so make sure you execute them again after a reboot, or put that in a shell script, or add them to your iptable static rules, using whatever preferred method.