disallow networking flag

n0dalus n0dalus at gmail.com
Mon Mar 20 05:55:02 CST 2006


On 3/20/06, rauschenimweltnetz at web.de <rauschenimweltnetz at web.de> wrote:
>
> I think it would be very useful to disallow an application started with wine to connect to the network/internet by an options flag.
>
> Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
>

I don't know how much of wine's source would need to be changed to
disallow all network commands, but I know that this kind of thing is
possible using iptables (particularly with the owner extension).

If you create a new user id (which will be the one you use to start
the application, using su or sudo), something like 'nonet', then run
the following:

iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with icmp-net-unreachable

or something like that (I haven't tested it), it will block the
'nonet' user and any applications started as it from sending network
packets.

HTH,
n0dalus.
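
The approach described in the message above, as an added example that is not part of the original post: it creates the account, inserts the owner-match rule only if it is missing, and goes beyond the post by adding the matching ip6tables rule, since iptables alone filters only IPv4. The function names and the script name nonet.sh are hypothetical; it assumes Linux with iptables, ip6tables, useradd and sudo.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with iptables,
# ip6tables, useradd and sudo. The account name 'nonet' comes from the post;
# the function names below are hypothetical.

# Print the rule specification for one address family.
# $1 = user name, $2 = 4 (IPv4) or 6 (IPv6)
rule_spec() {
    case "$2" in
        4) echo "OUTPUT -m owner --uid-owner $1 -j REJECT --reject-with icmp-net-unreachable" ;;
        6) echo "OUTPUT -m owner --uid-owner $1 -j REJECT --reject-with icmp6-no-route" ;;
        *) return 1 ;;
    esac
}

# Insert the rule only if it is not already present (-C checks for it),
# so running the script twice does not stack duplicate rules.
# $1 = iptables or ip6tables, $2 = rule specification
ensure_rule() {
    # Word splitting of $2 is intended: it holds the whole rule.
    "$1" -C $2 2>/dev/null || "$1" -I $2
}

# Create the account if needed (with a home directory, which wine uses
# for its prefix) and block its outbound traffic for both families.
setup_nonet() {
    user=$1
    id "$user" >/dev/null 2>&1 || useradd -m "$user"
    ensure_rule iptables  "$(rule_spec "$user" 4)"
    ensure_rule ip6tables "$(rule_spec "$user" 6)"
}

# Usage (as root):   sh nonet.sh apply nonet
# Then start the application as that user, for example:
#                    sudo -u nonet -H wine app.exe
if [ "${1:-}" = "apply" ]; then
    setup_nonet "${2:-nonet}"
fi
```

The owner match applies to locally generated packets, so the rule belongs in OUTPUT; it also rejects the account's loopback traffic, while Unix domain sockets are unaffected.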


