Block internet access to software

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sunday 09 January 2022 10:35:55 am William Morder via tde-users wrote:
>
> [Whatever Software] now collects and
> shares our data. Even though it is used almost entirely offline, requires
> no connection for actual users working at home.

Link:  
https://serverfault.com/questions/550276/how-to-block-internet-access-to-certain-programs-on-linux

I had an issue with the instructions in the above link.  Including my 
(programmer pidgin) notes as well, which should allow you to just 
find/replace michael for your username.

Best,
Michael


Block internet access

:As root:
iptables -L
cat /etc/group
groupadd nointernet
cat /etc/group
usermod -a -G nointernet michael


ll /usr/bin/no*
nano /usr/bin/nointernet
chmod +x /usr/bin/nointernet
ll /etc/network/if-pre-up.d
nano /etc/network/if-pre-up.d/iptables_nointernet_rule
ll /etc/network/if-pre-up.d/iptables_nointernet_rule
chmod +x /etc/network/if-pre-up.d/iptables_nointernet_rule
ll /etc/network/if-pre-up.d/iptables_nointernet_rule
ll /usr/bin/no*
cat /etc/network/if-pre-up.d/iptables_nointernet_rule
/etc/network/if-pre-up.d/iptables_nointernet_rule


# cat /etc/network/if-pre-up.d/iptables_nointernet_rule
#!/bin/bash
# iptables -A OUTPUT -m owner --gid-owner nointernet -j DROP
iptables -I OUTPUT 1 -m owner --gid-owner nointernet -j DROP

# cat /usr/bin/nointernet
#!/bin/bash
COMMAND="$1"
shift
for arg; do
COMMAND="$COMMAND \"$arg\""
done
sg nointernet "$COMMAND"

:Menu Entry
nointernet smplayer %U

Notes:
NAME
       sg - execute command as different group ID

SYNOPSIS
       sg [-] [group [-c ] command]

DESCRIPTION
       The sg command works similar to newgrp but accepts a command. The 
command will be executed with the /bin/sh shell. With most shells you may run 
sg from, you need to enclose multi-word commands in quotes. Another 
difference between newgrp and sg is that some shells treat newgrp specially, 
replacing themselves with a new instance of a shell that newgrp creates. This 
doesn't happen with sg, so upon exit from a sg command you are returned to 
your previous group ID.



____________________________________________________
tde-users mailing list -- users@xxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxx
Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@xxxxxxxxxxxxxxxxxx
[Index of Archives]     [Trinity Devel]     [KDE]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]     [Trinity Desktop Environment]
  Powered by Linux