v3rlly · May 7, 2020 18:05
diff --git a/network-sandbox-linux.sh b/network-sandbox-linux.sh
 #!/bin/bash

 # ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # "sandbox" account to drop network traffic in linux programs
 # tested on ubuntu 19.10
 # ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 # -------------------------------------------------------------------------
 # 1. Create a user group that should receive the firewall rule
 # -------------------------------------------------------------------------

 # 'password' is the group password
 # 'offline' is the name of the group
 $ sudo groupadd -p password offline
 # check that the group has been created
 $ cat /etc/group | grep offline



 # -------------------------------------------------------------------------
 # 2. create a user to run the programs without an internet connection
 # -------------------------------------------------------------------------


 # -m => create the user folder
 # -g => add user to a group
 # 'offline' => group | 'off' => user
 $ sudo useradd -m -g offline off

 # set a password for the created user
 $ sudo passwd off



 # -------------------------------------------------------------------------
 # 3. allows the 'off' user to access the running X server
 # -------------------------------------------------------------------------

 $ sudo xhost local:off



 # -------------------------------------------------------------------------
 # 4. Create a rule that drop network traffic for the user group 'offline'
 # -------------------------------------------------------------------------

 $ sudo iptables -I OUTPUT 1 -m owner --gid-owner offline -j DROP



 # -------------------------------------------------------------------------
 # 5. run a program this way => su off -c COMAND
 # -------------------------------------------------------------------------

 # examples
 $ su off -c firefox

 # su off -c "python /home/off/codes/hello.py"
 # su off -c "python /home/off/codes/hello.py"
	#!/bin/bash

	# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
	# "sandbox" account to drop network traffic in linux programs
	# tested on ubuntu 19.10
	# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

	# -------------------------------------------------------------------------
	# 1. Create a user group that should receive the firewall rule
	# -------------------------------------------------------------------------

	# 'password' is the group password
	# 'offline' is the name of the group
	$ sudo groupadd -p password offline
	# check that the group has been created
	$ cat /etc/group \| grep offline



	# -------------------------------------------------------------------------
	# 2. create a user to run the programs without an internet connection
	# -------------------------------------------------------------------------


	# -m => create the user folder
	# -g => add user to a group
	# 'offline' => group \| 'off' => user
	$ sudo useradd -m -g offline off

	# set a password for the created user
	$ sudo passwd off



	# -------------------------------------------------------------------------
	# 3. allows the 'off' user to access the running X server
	# -------------------------------------------------------------------------

	$ sudo xhost local:off



	# -------------------------------------------------------------------------
	# 4. Create a rule that drop network traffic for the user group 'offline'
	# -------------------------------------------------------------------------

	$ sudo iptables -I OUTPUT 1 -m owner --gid-owner offline -j DROP



	# -------------------------------------------------------------------------
	# 5. run a program this way => su off -c COMAND
	# -------------------------------------------------------------------------

	# examples
	$ su off -c firefox

	# su off -c "python /home/off/codes/hello.py"
	# su off -c "python /home/off/codes/hello.py"