Hi to all,
I would like to know if there is any way a user can disable network connections for a specific application.
Thank you,
Xwang
Could this work: https://wiki.archlinux.org/index.php/firewalls
Blocking a port at a firewall is one way, probably the best one. Depending on the application, you can edit the /etc/hosts file and replace domain1.com externalIPaddress with 127.0.0.1
This way your application will not be able to reach specific URL/s.
Yes, but I would like to block only a specific application, not all the traffic from the PC.
I've found this "solution" which uses iptables on the net:
"Add a group to your system (I use nonet myself), then add a rule to your output chain like this:
-A OUTPUT -m owner --gid-owner nonet -j REJECT --reject-with icmp-net-unreachable
Run the program for which you know in advance that you want to block, with sg (sg nonet "your_prog your_args")."
Do you think it is right?
Another suggestion was to use unshare to call the program disabling the net for that program only.
The problem is that unshare is runnable only by root so, in that case, I should turn on its setuid flag in order to execute the program as a normal user, but I don't know if it is safe to do that.
Last edited by Xwang (2014-10-11 08:06:16)
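Added example, not part of the thread: the group-based iptables approach quoted in the post above, written as a script that also installs the matching ip6tables rule (the quoted rule covers IPv4 only) and does not add duplicate rules when run again. The function names and the IPv6 reject type are choices made for this example; `install` has to be run as root, and the user should be a member of nonet so that sg does not ask for a group password.

```shell
#!/bin/sh
# Added example: block outgoing traffic for one group over IPv4 and IPv6.
NONET_GROUP=nonet   # group name used in the quoted post

# Print the rule specification for address family 4 or 6.
nonet_rule() {
    case "$1" in
        4) reject=icmp-net-unreachable ;;   # as in the quoted rule
        6) reject=icmp6-no-route ;;         # ip6tables counterpart (example's choice)
        *) return 1 ;;
    esac
    printf '%s\n' "OUTPUT -m owner --gid-owner $NONET_GROUP -j REJECT --reject-with $reject"
}

# Create the group and add both rules if they are missing (needs root).
nonet_install() {
    getent group "$NONET_GROUP" >/dev/null || groupadd "$NONET_GROUP"
    for fam in 4 6; do
        if [ "$fam" = 4 ]; then ipt=iptables; else ipt=ip6tables; fi
        rule=$(nonet_rule "$fam")
        # -C tests for an identical existing rule, so reruns do not stack duplicates.
        # $rule is left unquoted on purpose so it splits into separate arguments.
        $ipt -C $rule 2>/dev/null || $ipt -A $rule
    done
}

# Run a command with nonet as its primary group, as sg does in the quoted post.
nonet_run() {
    sg "$NONET_GROUP" -c "$*"
}

# Usage: script install | script run your_prog your_args
case "${1:-}" in
    install) nonet_install ;;
    run)     shift; nonet_run "$@" ;;
esac
```

Rules added this way live only in the running kernel and are gone after a reboot unless they are saved and restored.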