How to Restrict Internet Access for Programs in Linux

Often system administrators need to disable or block internet access for certain programs in Linux. This is a very common requirement, and often troubling for beginners. Of course, there are many third-party tools and software that allow you to do this but they often come at a price. Did you know that you can disable internet access for certain programs for free, without using third-party tools? In this article, we will learn how to restrict internet access for programs in Linux.


How to Restrict Internet Access for Programs in Linux

Here are the steps to restrict internet access for programs in Linux.

1. Create New User Group

First, we will create a new user group in Linux, say, no-internet.

$ sudo groupadd no-internet

Then run the following command to validate this group.

$ grep no-internet /etc/group

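Finally, put the user you need to restrict in this group. To create a new user with no-internet as its primary group, run the following command, replacing username with your user's name. Because the firewall rule in step 3 matches on group ownership, every program such a user runs is blocked, not only the ones started through the wrapper from step 2.

$ sudo useradd -g no-internet username

If the user already exists, add them to the group as a supplementary group with the following command instead.

$ sudo usermod -a -G no-internet username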

2. Create Shell Script

Create a shell script in one of the folders in PATH.

$ vi /home/username/.local/bin/no-internet

Add the following code to it.

#!/bin/bash
# sg accepts only one command string, so join all arguments into a single string
sg no-internet -c "$*"

Save and close the file. Make it executable with the following command.

$ chmod 755 /home/username/.local/bin/no-internet

You have effectively created a new command called no-internet on your system, with the following syntax:

$ no-internet program_name

3. Update Firewall Rules

Update iptables rules to disable network activity for this new group no-internet.

$ sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP

Make sure to save changes to iptables rules. Here are the steps to make iptables rules permanent.

4. Check it

Once you have the above script and firewall rules ready, you can test them by disabling network access for an application, say, firefox, using the following command.

$ no-internet firefox
OR
$ no-internet "firefox"
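
Launching a program only tests the moment you run it. The following added example (not part of the original article) audits an OUTPUT chain listing, in the format printed by `iptables -S OUTPUT`, for the rule from step 3. It goes one step beyond the article: that rule covers IPv4 only, so the listing from `ip6tables -S OUTPUT` should pass the same check. The helper name `rule_status`, the sample listings and GID 1001 are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit an OUTPUT chain listing for the group DROP rule.
# `iptables -S` prints the group as a numeric GID, so the check takes a GID.

# rule_status GID   (rules on stdin)
# Prints: ok           - the group DROP rule comes before every ACCEPT rule
#         after-accept - the rule exists, but an earlier ACCEPT rule can let
#                        the group's packets out before they reach it
#         missing      - no unconditional DROP rule for this GID in the chain
rule_status() {
    local gid=$1 line accept_seen=0
    while IFS= read -r line; do
        case $line in
            "-A OUTPUT -m owner --gid-owner $gid -j DROP")
                if [ "$accept_seen" -eq 1 ]; then
                    echo after-accept
                else
                    echo ok
                fi
                return 0 ;;
            "-A OUTPUT "*"-j ACCEPT")
                accept_seen=1 ;;
        esac
    done
    echo missing
}

# Constructed sample listings; GID 1001 is an assumed value for no-internet.
SAMPLE_V4='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_V6='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_REORDERED='-P OUTPUT ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'

echo "IPv4:      $(printf '%s\n' "$SAMPLE_V4" | rule_status 1001)"
echo "IPv6:      $(printf '%s\n' "$SAMPLE_V6" | rule_status 1001)"
echo "reordered: $(printf '%s\n' "$SAMPLE_REORDERED" | rule_status 1001)"

# Live use (as root), resolving the real GID:
#   gid=$(getent group no-internet | cut -d: -f3)
#   iptables  -S OUTPUT | rule_status "$gid"
#   ip6tables -S OUTPUT | rule_status "$gid"
```

A result of `missing` from the `ip6tables` listing means programs started with no-internet can still reach IPv6 destinations until the same DROP rule is added there.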

In this article, we have learnt how to restrict internet access for programs in Linux. You can use these steps on all Linux distributions. If you use a firewall other than plain iptables, you will need to update its rules as well.
