Software

So it’s been a while since my last posts. As video games and programming have been long-term hobbies of mine, I decided to launch a new indie game company, Astral Byte. I’ve been working on a new project and making some really good progress so far. This has kept me from other activities, but fear not, I will return to them as well.

As a teaser, here is a character named Nara that I’ve created.

So why not go check out my new site and leave some feedback?

network-offline

Once upon a time, programs would ask your permission before using your resources. The idea that a program would phone home and connect to a remote host would have been appalling. Today this practice is commonplace. Applications do anything from just checking for the latest version to submitting tracking and usage metrics. Wouldn’t it be great to have the ability to run an application or command without network access?

Thankfully, there is an easy way to do just this with Linux groups and iptables. I’ve written a small wrapper script that enables you to easily run a command or application without network access.

Some setup required

To make the magic work, a few things must be set up first. Start by adding a nonet group and removing its password.

Then you’ll need to add an iptables rule to reject all packets using that group ID. If you’re running a Debian/Ubuntu distribution, this can be accomplished via a script placed in /etc/network/if-pre-up.d/nonet.

Wrapper script

The next step is my wrapper script. For added safety, the script checks for a few conditions before running the group switch.

Download: nonet

Download and install the above script in your path, $HOME/bin for example.  Make sure you chmod +x nonet first.  You’re then ready to run commands.

All child processes of the main parent inherit the nonet group and therefore have no network access. This method can be expanded for additional permissions by using more groups.
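The setup only protects you if the reject rule is actually loaded and nothing earlier in the OUTPUT chain lets the packet out first. The following check is an added example, not the original nonet script: it assumes the group is called nonet as above, the function names are hypothetical, and the sample rule sets are constructed.

```shell
#!/bin/sh
# Added example, not the post's own script. Function names are hypothetical.

# gid_is_blocked RULES GID
# RULES is the text of `iptables -S OUTPUT`, which lists the group by numeric GID.
# Succeeds only if an unconditional REJECT/DROP for --gid-owner GID is reached
# before any rule that could let the packet out (ACCEPT, RETURN, a chain jump).
gid_is_blocked() {
    printf '%s\n' "$1" | awk -v gid="$2" '
        $1 != "-A" || $2 != "OUTPUT" { next }
        {
            verdict = ""; owner = 0; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { verdict = $(i + 1); break }
                else if ($i == "-m" && $(i + 1) == "owner") i++
                else if ($i == "--gid-owner" && $(i + 1) == gid) { owner = 1; i++ }
                else extra = 1   # any other match narrows the rule
            }
            if (verdict == "" || verdict == "LOG") next
            if (owner && !extra && (verdict == "REJECT" || verdict == "DROP")) { ok = 1; exit }
            if (verdict != "REJECT" && verdict != "DROP") exit   # may release traffic first
        }
        END { exit !ok }'
}

# check_nonet: run as root once the rule is loaded (iptables -S needs root).
check_nonet() {
    gid=$(getent group nonet | cut -d: -f3)
    [ -n "$gid" ] || { echo "nonet: group does not exist" >&2; return 1; }
    gid_is_blocked "$(iptables -S OUTPUT)" "$gid" ||
        { echo "nonet: IPv4 rule missing or pre-empted" >&2; return 1; }
    # iptables filters IPv4 only; IPv6 needs the same rule in ip6tables.
    gid_is_blocked "$(ip6tables -S OUTPUT)" "$gid" ||
        { echo "nonet: IPv6 rule missing or pre-empted" >&2; return 1; }
}

# Constructed sample rule sets (GID 1001 is made up), not taken from a real host.
SAMPLE_OK='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j REJECT --reject-with icmp-port-unreachable'
SAMPLE_PREEMPTED='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j REJECT --reject-with icmp-port-unreachable'

if [ "${1:-}" = "--check" ]; then check_nonet; fi
```

Run it with --check as root after the if-pre-up.d script has fired; the check is deliberately conservative and fails on any earlier ACCEPT, even one that would not match the group's traffic.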

 

LAN/Localhost only

This is an example of using the above method to allow localhost and local area network access only. Use it where you want an application to have access to, say, a local server, but not talk to the outside world. The script goes in /etc/network/if-pre-up.d/lanonly.