-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2018-07-14 a las 14:17 -0400, Patrick Shanahan escribió:
- Dave Howorth <> [07-14-18 11:39]:
On Sat, 14 Jul 2018 11:17:59 -0400 Anton Aylward firstname.lastname@example.org wrote:
On 14/07/18 10:56 AM, Patrick Shanahan wrote:
you will/should get an error when something tries to access the disconnected network.
Thanks for the idea. I guess that is simple but I was hoping for something a little less drastic. I'd really like to still be able to access the internet whilst the program is running.
I've read of a program called firejail for example and I believe iptables can do it but I've no experience of either (or of AppArmor if that can do it, or the firewall) so I was hoping somebody could recommend something.
YES! And that is significant. Dave's message was very unspecific.
I'm not sure what else you want me to tell you?
This method will tell you exactly what program is trying to access the net. You can then tweak apparmor, for example, to specifically block it. Examples: https://forums.opensuse.org/showthread.php/498827-AppArmor-Profile-Deny-inte...
kiss is the BEST principle!
it appears from following this thread and related that you specifically look for exotic approaches/solutions rather than simple ones. you will never achieve what you seek in a short, managable timeframe unless you try smaller steps and simpler approaches. it is very simple and easy to re-enable network access. does the checks you are trying to make take so much time that you cannot do w/o network access for a short time?
Your approach blocks all programs and all users. He wants to block one.
- -- Cheers Carlos E. R.
(from openSUSE 42.3 x86_64 "Malachite" (Minas Tirith))