disallow networking flag

n0dalus n0dalus at gmail.com
Mon Mar 20 05:55:02 CST 2006

On 3/20/06, rauschenimweltnetz at web.de <rauschenimweltnetz at web.de> wrote:
> I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
> Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)

I don't know how much of wine's source would need to be changed to
disallow all network commands, but I know that this kind of thing is
possible using iptables (particularly with the owner extension).

If you create a new user id (which will be the one you use to start
the application, using su or sudo), something like 'nonet', then run
the following:

iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with

or something like that (I haven't tested it), it will block the
'nonet' user and any applications started as it from sending network


More information about the wine-devel mailing list