Created
August 14, 2012 10:26
-
-
Save sdbondi/3348037 to your computer and use it in GitHub Desktop.
Control internet traffic when using a capped/restricted connection in Ubuntu/Debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Thanks to Toby Kurien for this awesome trick | |
| # Run this script then any applications launched from this terminal | |
| # will have access to the internet, anything else will not be able to connect | |
| # To create another terminal with the power of internet use 'sudo -g internet -s' | |
| # NOTE: This script will create an "internet" group if one doesn't exist | |
| # Firewall apps - only allow apps run from "internet" group to run | |
| egrep -i "^internet$" /etc/group > /dev/null | |
| if [ $? -ne 0 ]; then | |
| sudo groupadd internet | |
| fi | |
| # clear previous rules | |
| sudo iptables -F | |
| # accept packets for internet group | |
| sudo iptables -A OUTPUT -p tcp -m owner --gid-owner internet -j ACCEPT | |
| # also allow local connections | |
| sudo iptables -A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT | |
| sudo iptables -A OUTPUT -p tcp -d 10.0.0.106/24 -j ACCEPT # Use your LAN ip | |
| # reject packets for other users | |
| sudo iptables -A OUTPUT -p tcp -j REJECT | |
| # open a shell with internet access | |
| sudo -g internet -s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment