Prevent a Software to Access Network
From Run Your Own
For whatever reason, maybe you want to run a software, but don't want it to access your network at all. Here is how to do it:
- Create a group specifically for this purpose:
sudo addgroup no-internet
- Add yourself or whoever will run the software to this group:
sudo adduser $USER no-internet sudo adduser jean-pierre no-internet
- block traffic for the group (see Notes):
sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP sudo ip6tables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
- When you want to run
softwarewithout allowing it to use the network, run it as the
sg no-internet -c "/path/to/software --arguments"
iptablecommands in Setup are not permanent, so make sure you execute them again after a reboot, or put that in a shell script, or add them to your iptable static rules, using whatever preferred method.