Re: iptables & programs

To: debian-user@lists.debian.org
Subject: Re: iptables & programs
From: Andrew Cady <d@jerkface.net>
Date: Tue, 14 Mar 2006 15:43:00 -0500
Message-id: <[🔎] 20060314204300.GA12342@jerkface.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20060314141341.G4df339da@leonov.stosberg.net>
References: <[🔎] 200603141359.07958.debc@fuckaround.org> <[🔎] 20060314141341.G4df339da@leonov.stosberg.net>

On Tue, Mar 14, 2006 at 03:13:41PM +0100, Dennis Stosberg wrote:
> Pol Hallen wrote:
> 
> > i'd like block the internet connection on these programs ;-)
> >
> > which better solution of this problem?
>
> Create an additional user account and run those programs with that
> user's rights only.  Then use the iptables "owner" module to restrict
> outgoing connections made by that user.
>
> See "-m owner" and "--uid-owner" in the iptables manual page for
> details.

This works fine, but if you want your wine apps to run with your user's
rights, or you want wine to be used by multiple users, another solution
is to add a group called, say, 'nonet', and use dpkg-statoverride to set
wine to group nonet and mode setgid.

Reply to:

References:
- iptables & programs
  - From: Pol Hallen <debc@fuckaround.org>
- Re: iptables & programs
  - From: Dennis Stosberg <lists@stosberg.net>

Prev by Date: Turning off shell access
Next by Date: Re: Turning off shell access
Previous by thread: Re: iptables & programs
Next by thread: "make install" > debian package
Index(es):
- Date
- Thread