Block internet access for applications
This tutorial is meant as an example of how to block specific applications from accessing the internet. It is done with a small bash script and an iptables firewall rule that matches on the group a process runs under.
Create a new group for iptables
First, add a new group called no-internet to the system.
groupadd no-internet
Then add the new group to your user. The membership only takes effect for new sessions, so log out and back in before relying on it (sg needs you to be a member of the group).
usermod -aG no-internet $USER
Finally, verify that everything went right.
# Check that the group exists:
grep no-internet /etc/group
# Check that the group was added to your user:
groups $USER
Create iptables rule
If you have not done so already, check that the iptables service is enabled and started.
# Check whether the service is running and enabled at boot
systemctl status iptables
# Start and enable the iptables service
systemctl enable iptables --now
Create the new iptables rule. It is inserted at position 1 of the OUTPUT chain, so it is evaluated before any ACCEPT rule and drops every outgoing packet from a process running with the no-internet group.
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
Verify that the rule is applied. Note that the rule matches all outgoing traffic of such processes, including traffic to localhost, and that iptables only covers IPv4; an equivalent ip6tables rule is needed if the host has IPv6 connectivity.
iptables -nvL
Make the ruleset persistent across restarts.
iptables-save -f /etc/iptables/iptables.rules
Create a start script and use it
Best practice is to create the script at a location that is in your $PATH, for example /usr/local/bin/no-internet, and to make it executable.
#!/usr/bin/bash
# Run the command as a member of no-internet so the owner-match DROP rule applies.
# sg hands the command to a shell, so re-quote the arguments to keep spaces intact.
exec sg no-internet -c "$(printf '%q ' "$@")"
You’re finished! Now you can run your app with no-internet firefox in a terminal. It is also possible to prefix the command in the Exec= line of *.desktop files.
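As an added check that is not part of the original post, the following script audits a saved ruleset for the DROP rule above. It reads iptables-save or ip6tables-save text, so it can run offline against a dump or, with --live, against the running host. It assumes the group is called no-internet and that iptables-save writes the group as its numeric GID, so the caller passes the identifier as it appears in the dump; the sample dumps and GID 1001 are constructed.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.
# Assumption: the blocked group is no-internet; in iptables-save output the
# owner match carries the numeric GID, so IDENT is whatever appears in the dump.

# check_drop_rule DUMP IDENT: print "ok" and return 0 if the OUTPUT chain has a
# DROP rule for "-m owner --gid-owner IDENT"; print "missing" and return 1 otherwise.
check_drop_rule() {
    local dump="$1" ident="$2"
    if printf '%s\n' "$dump" | grep -Eq -e "^-A OUTPUT( .*)? -m owner --gid-owner ${ident} (.* )?-j DROP$"; then
        echo ok; return 0
    fi
    echo missing; return 1
}

# rule_position DUMP IDENT: 1-based index of the rule within OUTPUT (empty if absent).
# The post inserts it at position 1 so no earlier ACCEPT rule lets the traffic through.
rule_position() {
    printf '%s\n' "$1" | grep -E '^-A OUTPUT ' \
        | grep -nE -e "--gid-owner $2 " | head -n 1 | cut -d: -f1
}

# Constructed sample dumps: GID 1001 stands in for no-internet. The IPv6 dump
# deliberately lacks the rule, which is what you get when only iptables was configured.
SAMPLE_V4='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'
SAMPLE_V6='*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

if [ "${1:-}" = "--live" ]; then
    gid="$(getent group no-internet | cut -d: -f3)"   # *-save needs root
    printf 'IPv4: '; check_drop_rule "$(iptables-save)" "$gid"
    printf 'IPv6: '; check_drop_rule "$(ip6tables-save)" "$gid"
else
    printf 'IPv6 sample: '; check_drop_rule "$SAMPLE_V6" 1001 || :
    printf 'IPv4 sample (rule at position %s): ' "$(rule_position "$SAMPLE_V4" 1001)"
    check_drop_rule "$SAMPLE_V4" 1001
fi
```

Run it with --live as root after the setup above to confirm both the IPv4 and the IPv6 ruleset carry the rule.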
This post is licensed under CC BY 4.0 by the author.
