Ubuntu – How to disable Internet connection for a single process

firewallinternetinternet connectionnetworking

I know the PID of a specific process and I want to disable the Internet access for this process and only for this process, so other process can access Internet.

Is there any way to do it?

I googled some stuff and found a way to disable Internet for executable programs.
But I need, for example, to have two running chrome, one having access to Internet and other not.

Best Answer

I've just had the same question and found a really nice solution on ubuntuforums.org

Summary

add a group "no-internet" and add your user to it

sudo addgroup no-internet
sudo adduser $USER no-internet

add a iptables rule to prevent that group from accessing the network:
```
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
```
run the process you don't want to have internet access like with sg (execute command as different group ID):
```
sg no-internet "process command line"
```

Related Solutions

Ubuntu – How to block internet access for an application

You can use apparmor to deny network traffic for some application. First you must install apparmor and apparmor-utils ..

sudo apt-get install apparmor*

After that you can generate profile to you application ...

sudo aa-genprof /usr/bin/google-chrome

Next step is to change Networking part in profile to:

sudo nano /etc/apparmor.d/usr.bin.chromium-browser

audit deny network,
audit deny network inet stream,
deny network inet6 stream,
deny @{PROC}/[0-9]*/net/if_inet6 r,
deny @{PROC}/[0-9]*/net/ipv6_route r,
deny capability net_raw,

Next, check config with apparmor_parser and reload config

sudo apparmor_parser -r /etc/apparmor.d/usr.bin.chromium-browser

Change mode from complain to enforce aka turn on apparmor for this app.

sudo aa-complain /etc/apparmor.d/usr.bin.chromium-browser

More manual you can find here and here and here

Best Answer

Related Solutions

Ubuntu – How to block internet access for an application

Related Question