On 2018-07-14 14:49, Dave Howorth wrote:
What's the best/easiest way to stop a program accessing the net?
I want to run a program (actually 'make') that may in turn run other programs and some of which might try to access the net. I'd like the access to be stopped and me given a meaningful error message (i.e. what part of what program tried to access what net resource). Ideally, I'd then have the choice of aborting or allowing it to continue.
Searching throws up various possibilities, some of which are not in the standard repositories, and I'm not sure what the best approach is.
IMHO there are multiple ways to achieve this. Firstly, iptables has a huge amount of seldom used options, you can specify the UID of who is generating traffic, and allow/deny that. But that is strict on everything a specific user tries to do.
Another approach might be to handle this through AppArmor. For each application you can define what a program is allowed to do. In this case: deny a program any network access.
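
The iptables owner-match approach from the reply above, as an added example that is not part of the original message. It assumes the build runs under a dedicated account (the UID 1500 and the `NONET:` log prefix are constructed), which keeps the per-user strictness mentioned in the reply away from your normal login.

```shell
#!/bin/sh
# Added example: print (or apply) per-UID egress rules using the owner match.
# Assumption: the build runs under a dedicated account whose numeric UID is
# passed in; 1500 in the usage line below is a constructed value.

# nonet_rules UID: write the rule commands to stdout, one per line.
nonet_rules() {
    uid=$1
    case $uid in
        ''|*[!0-9]*) echo "nonet_rules: numeric UID required" >&2; return 1 ;;
    esac
    # IPv4 and IPv6 have separate rule sets; IPv4-only rules leave IPv6 open.
    for ipt in iptables ip6tables; do
        # Loopback stays open so local helpers used by the build keep working.
        echo "$ipt -A OUTPUT -o lo -m owner --uid-owner $uid -j ACCEPT"
        # Log the attempt (destination, port, UID) to the kernel log first ...
        echo "$ipt -A OUTPUT -m owner --uid-owner $uid -j LOG --log-prefix NONET: --log-uid"
        # ... then REJECT, so the program fails at once instead of timing out.
        echo "$ipt -A OUTPUT -m owner --uid-owner $uid -j REJECT"
    done
}

# nonet_apply UID: run the generated commands (needs root).
nonet_apply() {
    nonet_rules "$1" | while read -r cmd; do
        $cmd || exit 1
    done
}

# Only act when called as: sh nonet.sh apply 1500
if [ "${1:-}" = "apply" ]; then
    nonet_apply "${2:-}"
fi
```

Blocked attempts show up in the kernel log under the `NONET:` prefix with the destination address and port; the log entry carries the UID, not the name of the program that made the connection.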