Update README.md

README.md

@@ -1,7 +1,7 @@
 # No-Internet Group
 
 ## Description
-Simple methodology to prevent specified Linux desktop programs having access to the public Internet via iptables
+Simple methodology to prevent specified Linux programs having access to the public Internet via iptables
 
 ## Getting Started
 
@@ -70,5 +70,21 @@ Note: a similar effect could be achived via crontab by making an entry along the
 ```
 ### Modifying .desktop entries
 
+.desktop files are used within graphical Linux shells to launch programs
+Simply put when you a program is ran through an application launcher the .desktop file is what is what is being read from and executed in the background 
+They are typically located within ~/.local/share/applications
+An example of a program which I want to deny network access to due to its persistent and bothersome connections is Lutris
+Before modification it's Exec value will likely look something like
+```
+Exec=/usr/bin/lutris
+```
+However we are going to modify this so it runs under the group "no-internet" any time it is launched thereby having outbound connections dropped
+This may be achieved by changing the line like so:
+```
+Exec=/usr/bin/sg no-internet /usr/bin/lutris
+```
+Note: your binaries may be located in a different place type "which [program_name]" to find their path
+Now any time lutris is launched from my desktop it will be ran through the "no-internet" group
+
 ### Limitations
 As iptables operates at layer 3 programs ran through this sandboxed group will still be able to reach devices within the same broadcast domain