Prevent Software from Accessing the Network

From Run Your Own

For whatever reason, you may want to run a piece of software without letting it access your network at all. Here is how to do it:

Setup

  • Create a group specifically for this purpose:
sudo addgroup no-internet
  • Add yourself or whoever will run the software to this group:
sudo adduser $USER no-internet
sudo adduser jean-pierre no-internet
  • Block traffic for the group (see Notes):
sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
sudo ip6tables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP

Usage

  • When you want to run software without allowing it to use the network, run it as the no-internet group owner:
sg no-internet -c "/path/to/software --arguments"

Notes

  • The iptables commands in Setup are not permanent: they are lost on reboot. Execute them again after each reboot, put them in a shell script, or add them to your static iptables rules using whatever method you prefer.
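
One way to do the "shell script" option from the note above, written so that it can run at every boot without stacking duplicate rules. This is an added example, not part of the original page; the names ensure_drop and apply_all and the "apply" argument are made up for it, and only the rule itself comes from Setup.

```shell
#!/bin/sh
# Added example: re-apply the Setup rules at boot without stacking duplicates.
# ensure_drop, apply_all and the "apply" argument are names made up for this
# example; the rule itself is the one from Setup.
GROUP="${GROUP:-no-internet}"

# ensure_drop TOOL GROUP
# TOOL is iptables or ip6tables. -C asks whether the exact rule already
# exists; only if it does not is the rule inserted at position 1, ahead of
# any ACCEPT rule that could otherwise match first.
ensure_drop() {
    if "$1" -C OUTPUT -m owner --gid-owner "$2" -j DROP 2>/dev/null; then
        echo "$1: DROP rule for group $2 already present"
        return 0
    fi
    "$1" -I OUTPUT 1 -m owner --gid-owner "$2" -j DROP || return 1
    echo "$1: DROP rule for group $2 inserted"
}

# apply_all: cover IPv4 and IPv6, and report failure if either rule could
# not be put in place (a blocked IPv4 path with an open IPv6 path is not a block).
apply_all() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        return 1
    fi
    if ! getent group "$GROUP" >/dev/null; then
        echo "group $GROUP does not exist; run the Setup steps first" >&2
        return 1
    fi
    rc=0
    for tool in iptables ip6tables; do
        ensure_drop "$tool" "$GROUP" || rc=1
    done
    return "$rc"
}

# Nothing is changed unless the script is called with "apply".
case "${1:-}" in
    apply) apply_all ;;
    *) echo "usage: $0 apply   (as root, e.g. from a boot script)" ;;
esac
```

A non-zero exit status means at least one of the two rules is not in place, so a boot job that calls the script can treat that as a failure.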