iptables can block Internet access for applications running as a specific user or group, so per-application Internet blocking can be achieved this way:
Add a group that we can then put on the blocked list. Here I am adding a group named 'nosoupforyou':
addgroup nosoupforyou
Set a password for this group (sg will ask for it when a user who is not a member of the group switches to it):
gpasswd nosoupforyou
Add an iptables rule to enable the block. This drops every outgoing packet created by a process whose group is nosoupforyou:
iptables -A OUTPUT -m owner --gid-owner nosoupforyou -j DROP
Finally, run a program as this new group:
sg nosoupforyou /usr/bin/firefox
You will notice that if you start Firefox this way, it cannot reach any site at all. You can start any other program you would like to block from accessing the Internet the same way.
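The same procedure as a rerunnable script, added here as an example (it is not code from the original post). It checks for the group and the rule before creating them, so it can be run repeatedly without appending duplicate rules, mirrors the rule in ip6tables (iptables only sees IPv4 sockets), and prints the rule with its packet counters so you can confirm that blocked traffic is actually hitting it. The group name, the APPLY_BLOCK guard and the function names are my own choices.

```shell
#!/bin/sh
# Added example: idempotent version of the steps above. Run as root with
# APPLY_BLOCK=1 to apply; without it the script only defines the functions.
GROUP="${GROUP:-nosoupforyou}"   # hypothetical default group name

# Rule specification shared by -A (append) and -C (check).
owner_rule() {
    printf 'OUTPUT -m owner --gid-owner %s -j DROP' "$1"
}

# Create the group only if it does not exist yet.
ensure_group() {
    getent group "$1" >/dev/null || addgroup "$1"
}

# Append the DROP rule only if iptables -C says it is not already present.
# shellcheck disable=SC2046  (word-splitting the rule string is intended)
ensure_rule() {
    iptables -C $(owner_rule "$1") 2>/dev/null || iptables -A $(owner_rule "$1")
    # IPv6 sockets are not matched by iptables; add the same rule to ip6tables.
    if command -v ip6tables >/dev/null 2>&1; then
        ip6tables -C $(owner_rule "$1") 2>/dev/null || ip6tables -A $(owner_rule "$1")
    fi
}

# Show the owner rules with packet/byte counters; run a blocked program, then
# run this again and the counters should have increased.
show_counters() {
    iptables -L OUTPUT -v -n | grep 'owner GID match'
}

main() {
    ensure_group "$GROUP"
    ensure_rule "$GROUP"
    show_counters
}

if [ "${APPLY_BLOCK:-0}" = "1" ]; then
    main
fi
```

Two caveats worth knowing when verifying the block: --gid-owner matches the group that owns the socket, which is the process's primary group, not its supplementary groups, so adding a user to nosoupforyou is not enough and sg (which switches the primary group) is the right tool. And the match applies to the process that creates the socket, so if the blocked program hands work to a separate daemon running under another account (a system-wide DNS resolver or proxy, for example), that daemon's traffic is not blocked.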