this post was submitted on 23 Jun 2024
20 points (100.0% liked)


So I often have to install and test different programs. I do not want programs to access the Internet immediately. After a while I might want to allow it, so it should be easy to allow or disallow internet access at the application level.

Basically I wonder if there is an easy way to do this. It seems that OpenSnitch can do this, but it doesn't seem to work on openSUSE. I might be able to get it to work eventually, but before I spend hours tinkering with it, do you know of a better solution? Might this even be possible with the built-in firewall or AppArmor?

[–] sandalbucket 7 points 4 months ago

Use network namespaces :)

A brand new network namespace doesn’t have any network interfaces. When you start a process in a namespace, all its child processes will start there too. It’s like a little network jail, and the functionality is baked into the kernel / is kernel enforced.

I use this to keep certain processes on a vpn, with no need for interface-binding support from the process, or a vpn-killswitch.

Another fun fact: this is the functionality that enables containerization, like Docker/Podman.
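
The namespace approach from the comment above, as an added example that is not part of the original thread: a wrapper that starts a program in a fresh network namespace, plus checks that confirm the isolation. The function names are hypothetical; it assumes util-linux `unshare` and that unprivileged user namespaces are enabled on the system.

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not from the thread.

# Start a command in a brand-new network namespace without root.
# --user --map-root-user creates a user namespace so that --net is permitted;
# the program sees itself as uid 0 there but gains no privileges on the host.
run_offline() {
    unshare --user --map-root-user --net -- "$@"
}

# Print interface names from /proc/net/dev-formatted text on stdin.
# The first two lines are headers; each name ends at the first ':'.
list_ifaces() {
    awk 'NR > 2 { sub(/:.*/, "", $1); print $1 }'
}

# Succeed only if stdin lists no interface other than loopback,
# which is all a fresh namespace contains.
only_loopback() {
    others=$(list_ifaces | grep -v -x 'lo' || true)
    [ -z "$others" ]
}

# Succeed if PID $1 is in a different network namespace than this shell.
# Returns 2 if the namespace link cannot be read.
in_other_netns() {
    theirs=$(readlink "/proc/$1/ns/net") || return 2
    ours=$(readlink /proc/self/ns/net) || return 2
    [ "$theirs" != "$ours" ]
}

# Constructed sample: /proc/net/dev as seen inside a fresh namespace.
sample_fresh_netns() {
    cat <<'EOF'
Inter-|   Receive                  |  Transmit
 face |bytes    packets errs drop  |bytes    packets errs drop
    lo:       0       0    0    0         0       0    0    0
EOF
}

# Usage (not run here):
#   run_offline ./program-under-test
#   run_offline cat /proc/net/dev | only_loopback && echo isolated
```

To give the program network access later, start it again without `run_offline`.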