Allegedly, on or about 04 May 2014, Someone sent: > I'm planning to install a fedora system to a USB flash drive, and > then give that to someone to boot their machine from. I don't have > details on the hardware of the target machine, but I'd like to ensure > that there's no network activity for the duration of their session in > the environment. And you can't simply get them to unplug the network cable? Are you trying to protect them from some expected harm while resolving some problem? Without knowing what network hardware is on the PC, it's a bit hard to block the modules or drivers that might be loaded. You'd have to block them all, to be sure. A simpler method may be to turn on the firewall, or hard code some iptables rules, so that only 127.0.0.1 can communicate with itself. I think you will need to keep that going, or they'll never be able to do anything with the computer (such as start X). With prior releases, I would have run this script (below), I'm not sure if it covers any more recent changes to iptables. See the man file, but it seems to work on Fedora 17. You can't even ping another PC on the LAN using its numerical IP address. The last line saves it as the default iptables configuration, so after you've run this script just the once, these rules will get loaded when the machine boots up. #!/bin/bash ## Flush any pre-existing rules: iptables --flush INPUT iptables --flush OUTPUT iptables --flush FORWARD iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain ## Set default (policy) rules: iptables --policy INPUT DROP iptables --policy OUTPUT DROP iptables --policy FORWARD DROP ## It MAY be necessary to allow 127.0.0.1 traffic: iptables --append INPUT --jump ACCEPT --out-interface lo --source 127.0.0.1/255.0.0.0 iptables --append OUTPUT --jump ACCEPT --out-interface lo --source 127.0.0.1/255.0.0.0 iptables-save > /etc/sysconfig/iptables -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
