Often system administrators need to disable or block internet access for certain programs in Linux. This is a very common requirement, and often troubling for beginners. Of course, there are many third-party tools and software that allow you to do this but they often come at a price. Did you know that you can disable internet access for certain programs for free, without using third-party tools? In this article, we will learn how to restrict internet access for programs in Linux.
How to Restrict Internet Access for Programs in Linux
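Here are the steps to restrict internet access for programs in Linux. The groupadd, useradd, usermod and iptables commands below must be run as root (for example, with sudo).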
1. Create New User Group
First, we will create a new user group in Linux, say, no-internet.
$ groupadd no-internet
Then run the following command to validate this group.
$ grep no-internet /etc/group
Finally, add the user whom you need to restrict to this group. Replace username with your user’s name. The following command creates a new user account with no-internet as its primary group.
$ useradd -g no-internet username
If the user account already exists and you want to add it to the group, run the following command instead.
$ usermod -a -G no-internet username
2. Create Shell Script
Create a shell script in one of the folders in PATH.
$ vi /home/username/.local/bin/no-internet
Add the following code to it.
#!/bin/bash
# sg takes the command as a single string, so join all arguments with "$*"
sg no-internet "$*"
Save and close the file. Make it an executable with the following command.
$ chmod 755 /home/username/.local/bin/no-internet
What you have effectively done is create a new command called no-internet on your system, which runs the given program with no-internet as its group. Its syntax is:
$ no-internet program_name
3. Update Firewall Rules
Update iptables rules to disable network activity for this new group no-internet.
$ iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
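Make sure to save the changes to your iptables rules so that they remain in place after a reboot. Note that iptables only filters IPv4 traffic; add the same rule with ip6tables to block IPv6 as well.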
4. Check it
Once you have the above script and firewall rules ready, you can test them by disabling network access for an application, such as firefox, using either of the following commands.
$ no-internet firefox
$ no-internet "firefox"
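The rule in step 3 is inserted at position 1 because iptables stops at the first matching rule, so an ACCEPT rule above it could let the group's traffic out. The following check is an added example, not part of the original article: it reads rules in `iptables -S OUTPUT` format and reports whether the DROP rule exists and comes first. The helper name check_group_drop, the sample rules and the GID 1001 are constructed, and it assumes iptables -S prints the group as a numeric GID.

```shell
#!/bin/bash
# Added example (hypothetical helper, not from the article).
# Reads rules in `iptables -S OUTPUT` format on stdin.
# Exit status: 0 = DROP rule for the GID is present and nothing ACCEPTs before it
#              1 = no DROP rule for this GID
#              2 = an earlier ACCEPT rule may match before the DROP
check_group_drop() {
    local gid="$1" line accept_seen=0
    while IFS= read -r line; do
        case "$line" in
            *"! --gid-owner"*)
                ;;  # negated owner match: does not block this group
            "-A OUTPUT "*"--gid-owner $gid "*"-j DROP"*)
                [ "$accept_seen" -eq 0 ] && return 0
                return 2 ;;
            "-A OUTPUT "*"-j ACCEPT"*)
                accept_seen=1 ;;
        esac
    done
    return 1
}

# Constructed sample rule sets; 1001 stands in for the GID of no-internet.
SAMPLE_GOOD='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'

SAMPLE_SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'

# Print the result for a named sample.
report() {
    local rc=0
    printf '%s\n' "$2" | check_group_drop 1001 || rc=$?
    echo "$1: status $rc"
}
report "rule inserted at position 1" "$SAMPLE_GOOD"
report "rule appended after ACCEPT" "$SAMPLE_SHADOWED"
```

On a live system, run iptables -S OUTPUT as root and pipe its output into check_group_drop with the GID shown by getent group no-internet.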
In this article, we have learnt how to restrict internet access for programs in Linux. You can use these steps on all Linux distributions. If you use a firewall other than plain iptables, you will need to update its rules as well.