Prevent a Software to Access Network: Difference between revisions
Jump to navigation
Jump to search
(Created page with "For whatever reason, maybe you want to run a software, but don't want it to access your network at all. Here is how to do it: == Setup == * Create a group specifically for t...") |
No edit summary |
||
| Line 20: | Line 20: | ||
* The <code>iptable</code> commands in Setup are not permanent, so make sure you execute them again after a reboot, or put that in a shell script, or add them to your iptable static rules, using whatever preferred method. | * The <code>iptable</code> commands in Setup are not permanent, so make sure you execute them again after a reboot, or put that in a shell script, or add them to your iptable static rules, using whatever preferred method. | ||
[[Category: System]] | |||
Latest revision as of 18:44, 21 February 2019
For whatever reason, maybe you want to run a software, but don't want it to access your network at all. Here is how to do it:
Setup
- Create a group specifically for this purpose:
sudo addgroup no-internet
- Add yourself or whoever will run the software to this group:
sudo adduser $USER no-internet sudo adduser jean-pierre no-internet
- block traffic for the group (see Notes):
sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP sudo ip6tables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
Usage
- When you want to run
softwarewithout allowing it to use the network, run it as theno-internetgroup owner:
sg no-internet -c "/path/to/software --arguments"
Notes
- The
iptablecommands in Setup are not permanent, so make sure you execute them again after a reboot, or put that in a shell script, or add them to your iptable static rules, using whatever preferred method.