Persianov on Security

[ How to block Internet access for programs on Linux ]

There are times when we may need to block a specific program from accessing the Internet. I don’t mean while analysing a malicious executable; for that you should use a virtual environment (for starters). What if you want to block a text editor like Visual Studio Code? It is SCARY to look at the Wireshark/tcpdump output while executing it! Before even loading my file, it had already made several DNS requests and established 4 TCP connections; and that’s with analytics/metrics reporting disabled.

And yes, Codium is also chatty!

Steps to block Internet access

  1. Create a new local group that we’ll use as the Internet-restricted group
    sudo addgroup no-internet
    
  2. Get the ID of the newly created group and store it in the GID variable
    GID=$(getent group no-internet | cut -d ':' -f3)
    
  3. Add an nftables rule to DROP outgoing traffic from the new group
    # Requires the "ip filter" table with an "OUTPUT" chain hooked to output
    # (present on systems that use iptables-nft); nft needs root.
    sudo nft add rule ip filter OUTPUT meta skgid $GID counter drop
    
  4. Execute commands/programs from inside the new group
    sudo -g no-internet ping 8.8.8.8 # No Internet access for ping
    sudo -g no-internet code # No Internet access for VS Code
    
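The four steps above wrapped into reusable shell functions, as an added example that is not part of the original post. It goes slightly beyond the post: it uses its own `inet` table (so IPv4 and IPv6 are both covered, and no pre-existing `ip filter` table is needed), exempts loopback so local services keep working, and can be re-run without duplicating the rule. The group name, table name and the `no_internet`/`show_drops` helper names are this example's own choices.

```shell
#!/bin/sh
# Added example: group-based egress block with nftables.
# Assumes: Linux with nft, sudo and getent; group name is configurable.

NO_NET_GROUP="${NO_NET_GROUP:-no-internet}"
NFT_TABLE="inet no_internet"   # inet family matches IPv4 and IPv6

# Print the numeric gid of a group (empty if the group does not exist).
group_gid() {
    getent group "$1" | cut -d ':' -f3
}

# Build the drop rule for one gid. Loopback is exempted so that local
# stubs (e.g. a resolver on 127.0.0.1) and localhost servers still work.
nft_drop_rule() {
    printf 'add rule %s output oifname != "lo" meta skgid %s counter drop\n' \
        "$NFT_TABLE" "$1"
}

# Build a complete, idempotent ruleset for `nft -f -`:
# create table and chain if missing, flush the chain, then add the rule.
nft_ruleset() {
    printf 'add table %s\n' "$NFT_TABLE"
    printf 'add chain %s output { type filter hook output priority 0; policy accept; }\n' \
        "$NFT_TABLE"
    printf 'flush chain %s output\n' "$NFT_TABLE"
    nft_drop_rule "$1"
}

# Create the group if needed and load the ruleset.
apply_no_internet() {
    if ! getent group "$NO_NET_GROUP" >/dev/null 2>&1; then
        sudo groupadd "$NO_NET_GROUP"
    fi
    nft_ruleset "$(group_gid "$NO_NET_GROUP")" | sudo nft -f -
}

# Run any command with the restricted group as its primary group.
no_internet() {
    sudo -g "$NO_NET_GROUP" "$@"
}

# Show the chain; the rule's "counter" shows how many packets were dropped.
show_drops() {
    sudo nft list chain $NFT_TABLE output
}
```

Usage: `. ./no-internet.sh && apply_no_internet && no_internet code`, then `show_drops` to confirm the counter is increasing.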

That’s it! Expect some errors from VS Code/VS Codium about not being able to connect to the extension repositories; at this stage you probably have all the necessary extensions installed anyway.
