Saturday, November 12, 2011

prevent applications from accessing the internet

sudo addgroup --gid 2000 nointernet
sudo usermod -a -G nointernet fabio    # membership is picked up by new login sessions only


/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG --log-prefix "nointernet: "   # tag the entries so they are easy to grep in the kernel log
/sbin/iptables -A LOGDROP -j DROP
# owner match is only valid in OUTPUT (and POSTROUTING); "! -o lo" exempts the whole
# loopback interface, not just 127.0.0.1, so 127.0.1.1-style local addresses keep working
/sbin/iptables -A OUTPUT -m owner --gid-owner 2000 ! -o lo -j LOGDROP

sg nointernet <applicationName>   # runs with effective GID 2000; --gid-owner matches that, not supplementary membership
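The same setup as a re-runnable script, as an added example that is not part of the original post. It keeps the post's group name, GID and LOGDROP chain but makes the changes a practitioner would want before trusting the rule: it uses `-C` before `-A` so running it twice does not duplicate rules, installs the identical rules in ip6tables (an IPv6-capable application would otherwise bypass the block entirely), exempts the whole loopback interface, rate-limits and prefixes the LOG target, and uses REJECT instead of the post's DROP so clients fail immediately instead of hanging until timeout. It ends by checking that `sg` really switches the user's effective GID to 2000, which is what `--gid-owner` matches. The log prefix, the limit values and the use of `groupadd`, `getent` and `su` (shadow-utils and glibc) are assumptions; the group-file text in the comments is constructed.

```shell
#!/bin/sh
# Added example (not the original post's code). Run as root: sh nointernet.sh <user>
set -eu

GROUP=nointernet
GID=2000
CHAIN=LOGDROP

# Extract a group's numeric GID from /etc/group-style text ("name:x:gid:members").
# Used to confirm the GID written into the rule is really the group's GID.
gid_of_group() {  # gid_of_group <group-file-text> <name>
    printf '%s\n' "$1" | awk -F: -v g="$2" '$1 == g { print $3; found = 1 } END { exit !found }'
}

# Is <user> listed in the group's member field of that text?
user_in_group() {  # user_in_group <group-file-text> <name> <user>
    printf '%s\n' "$1" | awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }'
}

# Append a rule only if an identical one is not already present (-C = check).
ensure_rule() {  # ensure_rule <iptables|ip6tables> <chain> <rule...>
    fw=$1; chain=$2; shift 2
    "$fw" -C "$chain" "$@" 2>/dev/null || "$fw" -A "$chain" "$@"
}

install_rules() {  # install_rules <iptables|ip6tables>
    fw=$1
    "$fw" -N "$CHAIN" 2>/dev/null || true          # chain may exist from a previous run
    # Rate-limited, prefixed log so a chatty application cannot flood the kernel log.
    ensure_rule "$fw" "$CHAIN" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "nointernet: "
    ensure_rule "$fw" "$CHAIN" -j REJECT              # REJECT: connect() fails at once
    # Match on the socket's owning GID; "! -o lo" exempts every loopback address.
    ensure_rule "$fw" OUTPUT ! -o lo -m owner --gid-owner "$GID" -j "$CHAIN"
}

main() {
    user=${1:?usage: $0 <user>}
    groups=$(getent group)
    getent group "$GROUP" >/dev/null || groupadd -g "$GID" "$GROUP"
    groups=$(getent group)
    [ "$(gid_of_group "$groups" "$GROUP")" = "$GID" ] || {
        echo "group $GROUP has a GID other than $GID; rule and group must agree" >&2; exit 1; }
    user_in_group "$groups" "$GROUP" "$user" || usermod -a -G "$GROUP" "$user"
    install_rules iptables
    install_rules ip6tables
    # sg must switch the effective GID; supplementary membership alone never matches
    # --gid-owner. su starts a fresh session, so the new membership is already visible.
    eff=$(su -s /bin/sh -c "sg $GROUP -c 'id -g'" "$user")
    [ "$eff" = "$GID" ] || { echo "sg did not switch to GID $GID (got $eff)" >&2; exit 1; }
    echo "ok: run 'sg $GROUP -c <command>' as $user to start a program without internet"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Two things the script does not do: the rules live only in the running kernel, so they need `iptables-save`/`ip6tables-save` or the distribution's persistence mechanism to survive a reboot, and a program run this way can still talk to anything on loopback, including a local proxy, so a proxy listening on 127.0.0.1 would let it out again.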
