From ce83a3313147c6324302edf8b1d81541e7e2cbb3 Mon Sep 17 00:00:00 2001 From: tobias Date: Sun, 8 Mar 2026 21:34:23 +0000 Subject: [PATCH] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b8f831c..5ab230e 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ Note: a similar effect could be achived via crontab by making an entry along the Simply put when a program is ran through an application launcher the .desktop file is what is what is being read from and executed in the background They are typically located within ~/.local/share/applications + An example of a program which I want to deny network access to due to its persistent and bothersome connections is Lutris Before modification it's Exec value will likely look something like @@ -87,7 +88,8 @@ This may be achieved by changing the line like so: Exec=/usr/bin/sg no-internet /usr/bin/lutris ``` Note: your binaries may be located in a different place type "which [program_name]" to find their path + Now any time lutris is launched from my desktop it will be ran through the "no-internet" group ### Limitations -As iptables operates at layer 3 programs ran through this sandboxed group will still be able to reach devices within the same broadcast domain \ No newline at end of file +As iptables operates at layer 3 programs ran through this sandboxed group will still be able to reach devices within the same broadcast domain