Update README.md
This commit is contained in:
16
README.md
16
README.md
@@ -6,11 +6,11 @@ Simple minimalistic methodology to prevent specified Linux programs having acces
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
*iptables
|
||||
- iptables
|
||||
|
||||
*systemd or cron
|
||||
- systemd or cron
|
||||
|
||||
*sg
|
||||
- sg
|
||||
|
||||
### Creating the Group
|
||||
First we will create the controlled access group through which programs will be denied public network access
|
||||
@@ -49,15 +49,15 @@ WantedBy=multi-user.target
|
||||
|
||||
Breakdown of iptables command:
|
||||
|
||||
*iptables is an administration tool for IPv4/IPv6 packet filtering
|
||||
- iptables is an administration tool for IPv4/IPv6 packet filtering
|
||||
|
||||
*the -I OUTPUT flag specifies the rule is responsible for packets leaving the host
|
||||
- the -I OUTPUT flag specifies the rule is responsible for packets leaving the host
|
||||
|
||||
*the -m owner flag allows packet filtering based upon the owner of the process
|
||||
- the -m owner flag allows packet filtering based upon the owner of the process
|
||||
|
||||
*the --gid-owner "no-internet" flag specifies for the rule to match processes created by the group 'no-internet'
|
||||
- the --gid-owner "no-internet" flag specifies for the rule to match processes created by the group 'no-internet'
|
||||
|
||||
*the -j DROP flag specifies the action to take, in this case dropping the packets
|
||||
- the -j DROP flag specifies the action to take, in this case dropping the packets
|
||||
|
||||
Next we will reload our systemctl services, and enable no-internet so it persistently starts at boot
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user