
Untitled

a guest
Jul 20th, 2017
%sudo ALL=(:no-internet) NOPASSWD: ALL

Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

#!/bin/sh
# Firewall apps - only allow apps run under the "internet" group to connect out

# clear previous rules (flushes every chain in the filter table)
sudo iptables -F

# accept packets for internet group
sudo iptables -A OUTPUT -p tcp -m owner --gid-owner internet -j ACCEPT

# also allow local connections
sudo iptables -A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d 192.168.0.1/24 -j ACCEPT

# reject packets for other users
# (TCP over IPv4 only; UDP, ICMP and IPv6 are not matched by these rules)
sudo iptables -A OUTPUT -p tcp -j REJECT

# open a shell with internet access
sudo -g internet -s

# run app without access to internet
sudo unshare -n sudo -u my_user my_app