Old 09-03-2018, 11:01 PM   #5
monty

These instructions show how to start specific programs without allowing them access
to the internet. It could be useful when starting Windows programs under Wine, if you
don't know what the program does over the network, or you simply don't trust the program.

Replace "username" with your own username.

Step 1.
-------
Create a group called "no-internet" and add your user as a member of this new group:
sudo groupadd no-internet
sudo usermod -a -G no-internet username

Step 2.
-------
Create a script:
sudo nano /usr/bin/ni

with these contents:

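#!/bin/bash
# Run a command with "no-internet" as its primary group, so the iptables owner rule matches it.
# sg hands one string to the shell, so quote every argument to keep spaces and
# shell metacharacters in the arguments intact.
COMMAND=$(printf '%q ' "$@")
sg no-internet "$COMMAND"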

And make it executable:

sudo chmod +x /usr/bin/ni

Step 3.
-------
Create a script called iptables_no-internet_rule as follows:

sudo nano /etc/network/if-pre-up.d/iptables_no-internet_rule

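with these contents:

#!/bin/bash
# This hook runs on every interface bring-up, so insert the rule only if it is not already there.
iptables -C OUTPUT -m owner --gid-owner no-internet -j DROP 2>/dev/null ||
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP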


And make it executable:
sudo chmod +x /etc/network/if-pre-up.d/iptables_no-internet_rule


Step 4.
-------
Enable the new firewall settings:
sudo /etc/network/if-pre-up.d/iptables_no-internet_rule


Step 5.
-------
Finished. You can now run any program without allowing that program to access
the network by using this command:

ni program_name [arguments]

Examples:

ni ping google.com
ni wine install.exe
ni firefox

Using this with Wine Launcher Creator is fairly easy: just change the wine command from "wine" to "ni wine".



Reaper startup bash script:

nano /home/username/bin/reaper.sh

add:
#!/bin/bash
export WINELOADER='ni /usr/bin/wine'
ni /home/username/REAPER/reaper

make it executable:
chmod +x /home/username/bin/reaper.sh

launch reaper (create starter):
/home/username/bin/reaper.sh
__________________
Manjaro-KDE RT, AMD FX-8350, 16GB, nvidia GT 630, Multiscreen (2x 22", 1x 15"), Reaper (latest) Theme: iLogic Next, Interface: Tascam US-16x08, ControlSurface: Tascam US-2400, Monitors: JBL 4412A, Tascam VL-S3 & Alesis Elevate 3 mkII
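
Added example, not part of the post above: a check that the Step 3 rule is actually in effect. It reads the output of "iptables -S OUTPUT" and reports whether the DROP rule for the group's GID is reached before any ACCEPT rule; the same check can be run on "ip6tables -S OUTPUT", because rules added with iptables cover IPv4 only. The function name check_chain, the GID 1001 and the sample listings are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post); the sample listings are constructed.
#
# check_chain GID: read `iptables -S OUTPUT` style lines on stdin and print
#   ok       - the DROP rule for GID is reached before any ACCEPT rule
#   shadowed - the DROP rule exists, but an ACCEPT rule is evaluated first
#              (conservative: any earlier ACCEPT is flagged for manual review)
#   missing  - this chain has no DROP rule for GID
check_chain() (   # subshell body keeps the variables local to the function
    gid="$1"; seen_accept=0
    while IFS= read -r line; do
        case "$line" in
            *"! --gid-owner $gid "*) ;;   # negated match, not the Step 3 rule
            "-A OUTPUT "*"--gid-owner $gid "*"-j DROP"*)
                if [ "$seen_accept" -eq 0 ]; then echo ok; else echo shadowed; fi
                return 0 ;;
            "-A OUTPUT "*"-j ACCEPT"*) seen_accept=1 ;;
        esac
    done
    echo missing
)

# Constructed listings. 1001 stands in for the numeric GID of "no-internet";
# `iptables -S` prints the GID as a number, not the group name.
GOOD='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'
SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'
EMPTY='-P OUTPUT ACCEPT'

echo "DROP rule first:    $(printf '%s\n' "$GOOD" | check_chain 1001)"
echo "ACCEPT rule first:  $(printf '%s\n' "$SHADOWED" | check_chain 1001)"
echo "no rule in chain:   $(printf '%s\n' "$EMPTY" | check_chain 1001)"

# On a live system (as root), check both address families:
#   gid=$(getent group no-internet | cut -d: -f3)
#   iptables  -S OUTPUT | check_chain "$gid"
#   ip6tables -S OUTPUT | check_chain "$gid"
```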