- %sudo ALL=(:no-internet) NOPASSWD: ALL
- Signed-off-by: Christoph Hellwig <hch@xxxxxx>
- Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
- Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
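#!/bin/sh
# Firewall apps - only allow apps run from the "internet" group to open
# outbound TCP connections; everything else is limited to loopback and
# the LAN.
#
# Review notes on what this does and does not contain:
#  - Only TCP is filtered. UDP (DNS, QUIC) and ICMP sent by processes
#    outside the group still leave the host. Rejecting them as well is
#    the complete fix, but it depends on how this host resolves DNS, so
#    it is flagged here rather than changed.
#  - There is no exception for established connections: TCP replies from
#    local services (for example an SSH daemon) to clients outside the
#    LAN range are rejected too. Do not apply this over a remote session
#    that originates outside that range.
#  - --gid-owner is matched against the group that owns the socket; a
#    supplementary group membership is presumably not enough, which is
#    why the shell below is started with `sudo -g` (confirm against the
#    installed iptables-extensions man page).
#  - Whoever may run `sudo -g internet` bypasses the filter, so the
#    sudoers rule is the real access control. NOTE(review): the sudoers
#    line pasted above this script names the group "no-internet", not
#    "internet" - confirm which group the setup is meant to use.

# apply_tcp_rules CMD LOOPBACK_ADDR [LAN_NET]
#   CMD            iptables or ip6tables
#   LOOPBACK_ADDR  loopback address that stays reachable for everyone
#   LAN_NET        optional local network that stays reachable for everyone
# Rebuilds the OUTPUT chain of the filter table with CMD. Errors are not
# fatal (as in the original), so a failed ACCEPT rule still ends with the
# final REJECT in place, i.e. the script fails closed.
apply_tcp_rules() {
  # clear previous rules - only the OUTPUT chain, which is the only one
  # this script manages; a bare -F would also wipe INPUT and FORWARD
  sudo "$1" -F OUTPUT
  # accept packets for internet group
  sudo "$1" -A OUTPUT -p tcp -m owner --gid-owner internet -j ACCEPT
  # also allow local connections
  sudo "$1" -A OUTPUT -p tcp -d "$2" -j ACCEPT
  if [ -n "${3:-}" ]; then
    sudo "$1" -A OUTPUT -p tcp -d "$3" -j ACCEPT
  fi
  # reject packets for other users
  sudo "$1" -A OUTPUT -p tcp -j REJECT
}

# IPv4: loopback plus the LAN (192.168.0.1/24 written as its network address)
apply_tcp_rules iptables 127.0.0.1 192.168.0.0/24
# IPv6: without these rules any process could simply connect over IPv6.
# No IPv6 LAN range is given, so only ::1 is exempted. This flushes the
# IPv6 OUTPUT chain as well, which the original script never touched.
apply_tcp_rules ip6tables ::1

# open a shell with internet access (interactive; the script waits here
# until that shell exits)
sudo -g internet -s
# run app without access to internet: unshare -n starts it in a new, empty
# network namespace, so it has no route out regardless of the rules above
# (and no working loopback either). my_user and my_app are placeholders.
sudo unshare -n sudo -u my_user my_app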