# No-Internet Group
## Description
Simple methodology to prevent specified Linux desktop programs from having access to the public Internet via iptables.
## Getting Started
### Dependencies

* iptables
* systemd or cron
* sg

### Creating the Group
First, we create the controlled-access group; programs run under this group will be denied public network access.

```
groupadd no-internet
```

### Creating the Systemd Service
Note: a similar effect could be achieved via crontab by making an entry along the lines of

```
@reboot root iptables -I OUTPUT 1 -m owner --gid-owner "no-internet" -j DROP
```

### Modifying .desktop entries
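The following POSIX shell script is an added example, not part of this project's README: it collects the three steps above (creating the group, installing the boot-time iptables rule as a systemd unit, and rewriting the `Exec=` line of a `.desktop` file) into reusable functions. Assumptions that do not come from the page: the unit name `no-internet-firewall.service`, the binary paths `/usr/sbin/iptables` and `/usr/sbin/ip6tables`, and wrapping the `Exec=` command in `sg no-internet -c "..."` as the way a launcher starts the program with the restricted group. The `ip6tables` rule goes beyond the page: the crontab rule shown above only affects IPv4, so a program with IPv6 connectivity would otherwise bypass the block.

```shell
#!/bin/sh
# Added example for the No-Internet Group methodology (not the project's own code).
# Assumptions not taken from the README: the unit name, the iptables/ip6tables
# paths, and the `sg no-internet -c "..."` wrapping of .desktop Exec= lines.

GROUP_NAME="no-internet"

# Print a oneshot systemd unit that inserts the DROP rules before networking
# comes up and removes them again when the unit is stopped. The ip6tables
# rule is an addition: the page's rule only covers IPv4.
no_internet_unit() {
cat <<EOF
[Unit]
Description=Block outbound traffic for processes in the ${GROUP_NAME} group
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/iptables -I OUTPUT 1 -m owner --gid-owner ${GROUP_NAME} -j DROP
ExecStart=/usr/sbin/ip6tables -I OUTPUT 1 -m owner --gid-owner ${GROUP_NAME} -j DROP
ExecStop=/usr/sbin/iptables -D OUTPUT -m owner --gid-owner ${GROUP_NAME} -j DROP
ExecStop=/usr/sbin/ip6tables -D OUTPUT -m owner --gid-owner ${GROUP_NAME} -j DROP

[Install]
WantedBy=multi-user.target
EOF
}

# Create the group only if it does not exist yet (requires root).
ensure_group() {
    getent group "$GROUP_NAME" >/dev/null 2>&1 || groupadd "$GROUP_NAME"
}

# Write, enable and start the unit (requires root).
install_unit() {
    no_internet_unit > /etc/systemd/system/no-internet-firewall.service
    systemctl daemon-reload
    systemctl enable --now no-internet-firewall.service
}

# Run an arbitrary command with the restricted group as its primary group,
# e.g. run_no_internet example-browser --new-window
run_no_internet() {
    sg "$GROUP_NAME" -c "$*"
}

# Rewrite the Exec= line of a .desktop file read from stdin, writing the
# result to stdout. A line that is already wrapped is left untouched, so
# the function can be applied repeatedly without nesting sg calls.
wrap_desktop_exec() {
    sed -E \
        -e "/^Exec=sg ${GROUP_NAME} -c /b" \
        -e "s|^Exec=(.*)$|Exec=sg ${GROUP_NAME} -c \"\\1\"|"
}
```

To use it on a launcher, copy the system entry into the per-user directory and rewrite it there, for example `wrap_desktop_exec < /usr/share/applications/example.desktop > ~/.local/share/applications/example.desktop`, so the distribution's own file stays unmodified. `wrap_desktop_exec` does not handle field codes such as `%u` or `%f`: the desktop entry specification leaves field codes inside a quoted argument undefined, so those entries need the field code moved outside the quoted command by hand.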
### Limitations
As iptables operates at layer 3, programs run through this sandboxed group will still be able to reach devices within the same broadcast domain.