# No-Internet Group

## Description

Simple methodology to prevent specified Linux desktop programs from having access to the public Internet via iptables.

## Getting Started

### Dependencies

* iptables
* systemd or cron
* sg

### Creating the Group

First, we create the controlled-access group through which programs will be denied public network access:

```
groupadd no-internet
```

### Creating the Systemd Service

Note: a similar effect could be achieved via crontab by making an entry along the lines of

```
@reboot root iptables -I OUTPUT 1 -m owner --gid-owner "no-internet" -j DROP
```

### Modifying .desktop entries

### Limitations

As iptables operates at layer 3, programs run through this sandboxed group will still be able to reach devices within the same broadcast domain.
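
The rule from the crontab note above, wrapped so it can be applied at boot or by hand without stacking duplicate entries in the OUTPUT chain. This is an added example, not part of the project; it assumes `getent` and iptables' `-C` (check) option are available, and the function names and the `IPTABLES` / `GROUP_NAME` overrides are hypothetical.

```sh
#!/bin/sh
# Added example (not project code): install the page's DROP rule idempotently.
# IPTABLES and GROUP_NAME are hypothetical overrides for testing or renaming.
IPTABLES="${IPTABLES:-iptables}"
GROUP_NAME="${GROUP_NAME:-no-internet}"

# True when the group exists in the system's group database.
group_exists() {
    getent group "$GROUP_NAME" >/dev/null 2>&1
}

# True when the exact rule is already in the OUTPUT chain (iptables -C checks
# for a matching rule and exits non-zero if there is none).
rule_present() {
    "$IPTABLES" -C OUTPUT -m owner --gid-owner "$GROUP_NAME" -j DROP 2>/dev/null
}

# Insert the rule at position 1 unless it is already there.
# Prints "inserted" or "already-present"; returns 2 if the group is missing,
# 1 if iptables refused the rule (so a caller can treat both as failures).
apply_rule() {
    if ! group_exists; then
        echo "group '$GROUP_NAME' does not exist; run groupadd first" >&2
        return 2
    fi
    if rule_present; then
        echo "already-present"
        return 0
    fi
    "$IPTABLES" -I OUTPUT 1 -m owner --gid-owner "$GROUP_NAME" -j DROP || return 1
    echo "inserted"
}

# Only touch the firewall when the script is invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_rule
fi
```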