Selectively Disabling Networking on Debian Linux

I recently got around to getting Creatures Exodus running under Wine on Linux. One of the components of the game, the Docking Station, used to provide networking capabilities that allowed you to communicate with other users and exchange creatures, but the servers have not been online in quite some time, and the domain the game attempts to communicate with is now parked. Whenever you launch the game, it contacts the now-defunct domain, does a simple string check and believes there's an update to be downloaded:

[Image: Docking Station Updater]

To avoid having to see this message every time I start the game, and to prevent someone from executing malicious code on my computer, I wanted to disable the application's network access. I found an Ubuntu Forums post detailing one method of disabling network access, and I wrote a script that uses a similar approach but supports automated installation and uninstallation. Click here to download the script. To install the network-disabling command, make the script executable, then launch it using sudo with "install" as its only argument:

$ chmod +x no-networking.make
$ sudo ./no-networking.make install
Created group 'no-networking'
Installed /etc/network/if-pre-up.d/disable-network-for-group=no-networking.sh
Installed /etc/sudoers.d/run-as-group=no-networking
Installed /usr/local/bin/no-networking
Configuring iptables...
All done :D
Usage: /usr/local/bin/no-networking COMMAND [ARGUMENTS...]

After that, the command no-networking can be used to launch any application with network access disabled:

$ ping google.com
PING google.com (173.194.126.142) 56(84) bytes of data.
64 bytes from nrt04s05-in-f14.1e100.net (173.194.126.142): icmp_seq=1 ttl=50 time=122 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 122.710/122.710/122.710/0.000 ms
$ no-networking ping google.com
ping: unknown host google.com
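
One way to confirm that the rule the installer reports configuring is actually in effect, as an added example that is not part of the author's script. It assumes the block is an iptables owner match on the no-networking group's GID, and it runs on constructed rule listings with a made-up GID of 1001. Because iptables filters only IPv4, the same check is applied to an ip6tables listing.

```shell
#!/bin/sh
# Added example: does a saved OUTPUT ruleset block traffic owned by one group?
# RULES is the text printed by `iptables -S OUTPUT` (or `ip6tables -S OUTPUT`),
# which shows the owner match with a numeric GID.

# group_blocked GID RULES: succeeds if the first unconditional OUTPUT rule that
# applies to GID is DROP or REJECT. Rules with extra matches (-o lo, -p tcp, ...)
# only cover part of the traffic and are skipped.
group_blocked() {
    printf '%s\n' "$2" | awk -v gid="$1" '
        $1 != "-A" || $2 != "OUTPUT" { next }
        {
            target = ""; owner = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }  # rest are target options
                else if ($i == "--gid-owner") { owner = $(i + 1); i++ }
                else if ($i == "-m") { i++ }                  # skip the module name
                else { extra = 1 }                            # any other match narrows the rule
            }
            if (extra || (owner != "" && owner != gid)) next
            if (target == "DROP" || target == "REJECT") { verdict = "blocked"; exit }
            if (target == "ACCEPT") { verdict = "open"; exit }
        }
        END { exit(verdict == "blocked" ? 0 : 1) }'
}

# audit LABEL GID RULES: one-line verdict for a ruleset.
audit() {
    if group_blocked "$2" "$3"; then echo "$1: blocked"; else echo "$1: NOT blocked"; fi
}

# Constructed sample listings; GID 1001 is a made-up value for no-networking.
V4_RULES='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j REJECT --reject-with icmp-port-unreachable'
V6_RULES='-P OUTPUT ACCEPT'
SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'

audit "IPv4" 1001 "$V4_RULES"                      # owner rule present
audit "IPv6" 1001 "$V6_RULES"                      # ip6tables has no such rule
audit "IPv4, rule appended late" 1001 "$SHADOWED"  # earlier ACCEPT wins
```

On a live system, pass it the output of sudo iptables -S OUTPUT and sudo ip6tables -S OUTPUT, with the GID taken from getent group no-networking.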

To uninstall the no-networking command, re-run the installation script with "uninstall" as its only argument:

$ sudo ./no-networking.make uninstall
- Removed iptables rule.
- Deleted /etc/network/if-pre-up.d/disable-network-for-group=no-networking.sh
- Deleted /usr/local/bin/no-networking
- Deleted group 'no-networking'
All done :(

The script may fail to install with an error message like "/usr/bin/make: bad interpreter: No such file or directory". This means make(1) is not installed. Install it by running "sudo aptitude install make".