Block network access for a specific program (browser)

0

I have a Python script that uses pywebkitgtk to fetch web pages, and I need to block network access sometimes. Any ideas on how to do this?

    
by scythargon 23.08.2012 / 04:12

1 answer

1

If you are the system administrator, you can use iptables (as root) to block certain commands from accessing certain ports, or (at your discretion) all ports (which is equivalent to it being totally unable to access the network).

A good reference is here, but the important point is:

If your kernel was compiled with CONFIG_IP_NF_MATCH_OWNER then you can configure your iptables firewall to allow or reject packets on a per-command basis.

The following example shows how to drop all outgoing packets from the acroread command:

iptables -A OUTPUT -m owner --cmd-owner acroread -j DROP

The owner module allows several different options to be used to match, allowing either matching against a process ID, a user ID, or a command name.

--uid-owner userid
Matches if the packet was created by a process with the given effective user id

--gid-owner userid
Matches if the packet was created by a process with the given effective group id

--pid-id processid
Matches if the packet was created by a process with the given process id

--cmd-owner name
Matches if the packet was created by a process with the given command name.

The "owner" module only allows matches on the OUTPUT chain, which lowers its usefulness a little - but if you're in a standard NAT situation it should be sufficient.

    
by 23.08.2012 / 05:26
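The owner match from the answer above, worked into a small wrapper as an added example (not code from the original post or the quoted reference). It matches on `--gid-owner` rather than `--cmd-owner`, since later kernels dropped the command-name match, and it covers IPv6 as well. The group name `nonet` and all function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: block network access for anything run under one group.
# Assumed name: the dedicated group "nonet" (override with NONET_GROUP).
NONET_GROUP="${NONET_GROUP:-nonet}"

# Rule spec shared by check (-C), append (-A) and delete (-D).
# Loopback is exempt so local IPC over 127.0.0.1 / ::1 keeps working.
nonet_rule() {
    printf '%s\n' "OUTPUT ! -o lo -m owner --gid-owner $NONET_GROUP -j REJECT"
}

# Run a command, or only print it when DRY_RUN=1 (review before applying).
_do() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create the group if missing and install the rule once (root required).
nonet_setup() {
    getent group "$NONET_GROUP" >/dev/null 2>&1 ||
        _do groupadd --system "$NONET_GROUP"
    for ipt in iptables ip6tables; do
        # Unquoted $(nonet_rule): word splitting of the spec is intended.
        if [ "${DRY_RUN:-0}" = 1 ] || ! "$ipt" -C $(nonet_rule) 2>/dev/null
        then
            _do "$ipt" -A $(nonet_rule)
        fi
    done
}

# Remove the rule again for both address families.
nonet_teardown() {
    for ipt in iptables ip6tables; do
        _do "$ipt" -D $(nonet_rule)
    done
}

# Start a command with its effective GID set to the no-network group.
# sg succeeds only for root or for members of the group.
nonet_run() {
    _do sg "$NONET_GROUP" -c "$*"
}
```

Source the file, run `nonet_setup` once as root, then start the fetcher with, for example, `nonet_run python fetch.py` (`fetch.py` is a placeholder name). `DRY_RUN=1 nonet_setup` prints the commands without applying them.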