(modified from http://ubuntuforums.org/showthread.php?t=1188099)

These instructions show how to start specific programs without allowing them access
to the internet. This can be useful when starting Windows programs under Wine, if you
don't know what the program does over the network, or if you simply don't trust the program.

Step 1.
-------
Create a group called "no-internet" and add your user as a member of this new group.
(System->Administration->Users and Groups)
Log out and then log back in again to make the group permissions take effect.
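
Step 2.
-------
Create a script (somewhere in your PATH) called "ni" (stands for No Internet),
as follows:

    sudo nano /usr/bin/ni

with these contents:

    #!/bin/bash
    # sg hands one string to "sh -c", so wrap every argument in single quotes
    # (escaping embedded ones) to keep spaces, quotes, $ and backticks literal.
    sq="'"
    esc="'\\''"
    COMMAND=""
    for arg; do
        quoted=${arg//$sq/"$esc"}
        COMMAND="$COMMAND '$quoted'"
    done
    sg no-internet "$COMMAND"

And make it executable:

    sudo chmod +x /usr/bin/ni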

Step 3.
-------
Create a script called iptables_no-internet_rule as follows:

    sudo nano /etc/network/if-pre-up.d/iptables_no-internet_rule

or, alternatively, if the above doesn't work after a restart:

    sudo nano /etc/network/if-up.d/iptables_no-internet_rule

with these contents:

    #!/bin/bash
    iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP

or, alternatively, if you want to block only outside traffic:

    iptables -I OUTPUT 1 -m owner --gid-owner no-internet ! -d 192.168.0.0/24 -j DROP

Note that iptables filters IPv4 only, so these rules do not affect IPv6 traffic.

And make it executable:

    sudo chmod +x /etc/network/if-pre-up.d/iptables_no-internet_rule
    #sudo chmod +x /etc/network/if-up.d/iptables_no-internet_rule

Step 4.
-------
Enable the new firewall settings you made above in step 3 by running the
following command:

    sudo /etc/network/if-pre-up.d/iptables_no-internet_rule
    #sudo /etc/network/if-up.d/iptables_no-internet_rule

Step 5.
-------
Finished. You can now run any program without allowing that program to access
the network by using this command:

    ni program_name [arguments]

Examples:

    ni ping www.google.com
    ni wine install.exe
    ni firefox

Using this with Wine Launcher Creator is fairly easy: just change the wine command from "wine" to "ni wine".
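
A check for the rule from step 3, added here as an example and not part of the original instructions: it reads `iptables -S OUTPUT` output and reports whether the no-internet DROP rule is still evaluated before any rule that could let the packet out, which stops being true if another firewall script later inserts rules ahead of it. The function name, the sample rule sets and GID 1001 are constructed, and it assumes `iptables -S` prints the group as a numeric GID.

```shell
#!/bin/bash
# Added example: verify that the step 3 DROP rule is the first effective rule
# in OUTPUT. Real use (assumes iptables -S prints the group as a numeric GID):
#   sudo iptables -S OUTPUT | \
#     check_no_internet_rule "$(getent group no-internet | cut -d: -f3)"

# Constructed samples of `iptables -S OUTPUT` output; GID 1001 is made up.
SAMPLE_FIRST='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'

# Prints drop-all | drop-except <net> | shadowed | missing (status 0/0/1/2).
# "shadowed" is conservative: any earlier rule that does not drop counts.
check_no_internet_rule() {
    gid="$1"
    while IFS= read -r line; do
        # Only appended OUTPUT rules that have a target; skips -P policy lines.
        case "$line" in
            "-A OUTPUT"*" -j "*) ;;
            *) continue ;;
        esac
        case "$line" in
            *"! -d "*" --gid-owner $gid -j DROP")
                # LAN-exempt variant: report the exempted destination.
                net="${line#*! -d }"
                echo "drop-except ${net%% *}"; return 0 ;;
            *" --gid-owner $gid -j DROP")
                echo "drop-all"; return 0 ;;
        esac
        # Any earlier ACCEPT, RETURN or jump to another chain runs first.
        case "${line##* -j }" in
            DROP|REJECT*|LOG*) ;;
            *) echo "shadowed"; return 1 ;;
        esac
    done
    echo "missing"; return 2
}

printf '%s\n' "$SAMPLE_FIRST" | check_no_internet_rule 1001
printf '%s\n' "$SAMPLE_SHADOWED" | check_no_internet_rule 1001 || true
```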