These instructions show how to start specific programs without allowing them access
to the internet. It could be useful when starting Windows programs under Wine, if you
don't know what a program does over the network, or you simply don't trust the program.
Replace "username" with your own username.
Step 1.
-------
Create a group called "no-internet" and add your user as a member of this new group:
sudo groupadd no-internet
sudo usermod -a -G no-internet username
Step 2.
-------
Create a script:
sudo nano /usr/bin/ni
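with these contents:
#!/bin/bash
# sg takes the command as one string and hands it to the shell, so quote
# every argument to keep arguments that contain spaces intact.
COMMAND=$(printf '%q ' "$@")
sg no-internet "$COMMAND"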
And make it executable:
sudo chmod +x /usr/bin/ni
Step 3.
-------
Create a script called iptables_no-internet_rule as follows:
sudo nano /etc/network/if-pre-up.d/iptables_no-internet_rule
with these contents:
#!/bin/bash
# Drop every outgoing packet sent by a process running with group no-internet
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
And make it executable:
sudo chmod +x /etc/network/if-pre-up.d/iptables_no-internet_rule
Step 4.
-------
Enable the new firewall settings:
sudo /etc/network/if-pre-up.d/iptables_no-internet_rule
Step 5.
-------
Finished. You can now run any program without allowing that program to access
the network by using this command:
ni program_name [arguments]
Examples:
ni ping google.com
ni wine install.exe
ni firefox
Using this with Wine Launcher Creator is fairly easy: just change the wine command from "wine" to "ni wine".
Reaper startup bash script:
nano /home/username/bin/reaper.sh
Add:
#!/bin/bash
export WINELOADER='ni /usr/bin/wine'
ni /home/username/REAPER/reaper
Make it executable:
chmod +x /home/username/bin/reaper.sh
Launch Reaper (create a starter):
/home/username/bin/reaper.sh
__________________
Manjaro-KDE RT, AMD FX-8350, 16GB, nvidia GT 630, Multiscreen (2x 22", 1x 15"), Reaper (latest) Theme: iLogic Next, Interface: Tascam US-16x08, ControlSurface: Tascam US-2400, Monitors: JBL 4412A, Tascam VL-S3 & Alesis Elevate 3 mkII
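
To confirm that the rule from Steps 3 and 4 is actually loaded, the following shell script (an added example, not part of the original post) parses "iptables -S OUTPUT" output for the owner-match DROP rule. The function names, the gid 1001 and the sample rule listings are constructed for illustration; it also inspects ip6tables, because the iptables rule in Step 3 filters IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Step 3 rule.
# rule_position reads `iptables -S OUTPUT` style text on stdin so the
# parsing can be checked offline against the constructed samples below.

# Print the 1-based position, among the -A OUTPUT rules, of the first
# non-negated "--gid-owner <group|gid> ... -j DROP" rule. Returns 1 if none.
rule_position() {
    awk -v name="$1" -v num="$2" '
        $1 == "-A" && $2 == "OUTPUT" {
            idx++; owner = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--gid-owner" && $(i - 1) != "!") owner = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (owner != "" && (owner == name || owner == num) && target == "DROP") {
                print idx; found = 1; exit
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed samples: IPv4 table with the rule loaded, IPv6 table without it.
SAMPLE_V4='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_V6='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT'

# Live check (needs root). The Step 3 rule is IPv4 only, so ip6tables is
# inspected as well; a missing rule there means IPv6 traffic is not blocked.
audit_live() {
    ni_gid=$(getent group no-internet | cut -d: -f3)
    [ -n "$ni_gid" ] || { echo "group no-internet not found"; return 2; }
    status=0
    for tool in iptables ip6tables; do
        if pos=$("$tool" -S OUTPUT | rule_position no-internet "$ni_gid"); then
            echo "$tool: DROP rule at OUTPUT position $pos"
        else
            echo "$tool: no DROP rule for group no-internet"; status=1
        fi
    done
    return "$status"
}

# Run the live audit only when asked, e.g.: sudo sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

A position other than 1 means other OUTPUT rules are evaluated first, so check that none of them accepts the traffic before the DROP rule is reached.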