- 1)создать нового пользователя
- sudo useradd -m noinet
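- 2)добавить правила iptables (запретить новому пользователю интернет вообще; это правило действует только на IPv4 — если в системе включён IPv6, нужно такое же правило через ip6tables: sudo ip6tables -A OUTPUT -m owner --uid-owner noinet -j DROP)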
- sudo iptables -A OUTPUT -m owner --uid-owner noinet -j DROP
- 3)запуск
- -консольный
- sudo -u noinet ping google.ru
- -иксовый
- 1.sudo nano /usr/local/bin/xsu
- #!/bin/sh
- if [ $# -lt 2 ]
- then echo "usage: `basename $0` noinet command" >&2
- exit 2
- fi
- NOINET="$1"; shift
- exec su - "$NOINET" -c "xauth add `xauth list \"$DISPLAY\"`; \
- exec env DISPLAY='$DISPLAY' "'"$SHELL"'" -c '$*'"
- 2.sudo chmod 754 /usr/local/bin/xsu
- 3.sudo xsu noinet 'firefox &'
- 4)сохранить правила iptables
- 0.sudo su
- 1.iptables-save > /etc/iptables/iptables.rules
- 2.sudo systemctl start iptables && sudo systemctl enable iptables
- Снос:
- sudo userdel -r noinet
- sudo rm /usr/local/bin/xsu /etc/iptables/iptables.rules
- sudo systemctl disable iptables && sudo systemctl stop iptables
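- на всякий случай (внимание: команды ниже удаляют все правила и цепочки во всех таблицах и ставят политики ACCEPT, то есть полностью снимают файрвол, а не только правило для noinet):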
- # iptables -F
- # iptables -X
- # iptables -t nat -F
- # iptables -t nat -X
- # iptables -t mangle -F
- # iptables -t mangle -X
- # iptables -t raw -F
- # iptables -t raw -X
- # iptables -t security -F
- # iptables -t security -X
- # iptables -P INPUT ACCEPT
- # iptables -P FORWARD ACCEPT
- # iptables -P OUTPUT ACCEPT
- проверить:
- sudo iptables -nvL --line-numbers