run program without internet [debian]

based on:
http://ubuntuforums.org/showthread.php?t=1188099

add the group “group-no-internet”:
sudo groupadd group-no-internet

add your existing user to the group:
sudo usermod -a -G group-no-internet xxfreddyxx

create the ni file:
sudo touch /usr/bin/ni
sudo chmod +x /usr/bin/ni
echo '#!/bin/bash' | sudo tee -a /usr/bin/ni
echo 'sg group-no-internet "$1"' | sudo tee -a /usr/bin/ni

create the iptables_no-internet_rule:
sudo touch /etc/network/if-pre-up.d/iptables_no-internet_rule
sudo chmod +x /etc/network/if-pre-up.d/iptables_no-internet_rule
echo '#!/bin/bash' | sudo tee -a /etc/network/if-pre-up.d/iptables_no-internet_rule
echo 'iptables -A OUTPUT -m owner --gid-owner group-no-internet -j DROP' | sudo tee -a /etc/network/if-pre-up.d/iptables_no-internet_rule

execute the iptables_no-internet_rule:
sudo /etc/network/if-pre-up.d/iptables_no-internet_rule

logout from your current user xxfreddyxx and login again
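
added example (not part of the original post): a variant of the iptables_no-internet_rule hook created above. The rule as written is appended again on every run of the hook and covers IPv4 only; this version goes a step further by checking with -C before appending and applying the same rule with ip6tables. The function names are assumptions made for this example; the group and file names are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent variant of
# /etc/network/if-pre-up.d/iptables_no-internet_rule for IPv4 and IPv6.
# Function names are illustrative; group and file names are the post's.

GROUP="group-no-internet"

# ensure_drop_rule TOOL
# TOOL is iptables or ip6tables. "-C" exits 0 when an identical rule is
# already in the chain, so the rule is appended at most once no matter
# how often the hook runs (once per interface that is brought up).
ensure_drop_rule() {
    if "$1" -C OUTPUT -m owner --gid-owner "$GROUP" -j DROP 2>/dev/null; then
        return 0
    fi
    "$1" -A OUTPUT -m owner --gid-owner "$GROUP" -j DROP
}

# apply_all
# The post's rule covers IPv4 only, so a program started through "ni"
# could still reach IPv6 hosts; the same rule is applied with ip6tables.
# Returns non-zero if either address family could not be configured.
apply_all() {
    rc=0
    for tool in iptables ip6tables; do
        ensure_drop_rule "$tool" || rc=1
    done
    return "$rc"
}

# Apply the rules only when this file runs under the hook's own name
# (as root), so the functions can be sourced or tested without touching
# the firewall.
case "${0##*/}" in
    iptables_no-internet_rule) apply_all ;;
esac
```

check the result with sudo iptables -S OUTPUT and sudo ip6tables -S OUTPUT; each should list the DROP rule exactly once.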

usage examples:
ni "program_name"
ni "ping www.google.com"
ni "wine install.exe"
ni firefox
ni iceweasel

remove all changes:
delete files:
sudo rm /usr/bin/ni
sudo rm /etc/network/if-pre-up.d/iptables_no-internet_rule

delete user from group:
sudo gpasswd -d xxfreddyxx group-no-internet

delete group:
sudo groupdel group-no-internet

check users and groups:
list all groups of a user:
groups xxfreddyxx

list all users in a group:
grep 'group-no-internet' /etc/group

list all groups+users:
cat /etc/group
