@sdbondi
Created August 14, 2012 10:26
Control internet traffic when using a capped/restricted connection in Ubuntu/Debian
#!/bin/sh
# Thanks to Toby Kurien for this awesome trick
# Run this script then any applications launched from this terminal
# will have access to the internet, anything else will not be able to connect
# To create another terminal with the power of internet use 'sudo -g internet -s'
# NOTE: This script will create an "internet" group if one doesn't exist
# NOTE: Only TCP is filtered; UDP (e.g. DNS lookups) and ICMP are left unrestricted
# Firewall apps - only allow apps run from "internet" group to connect
# (entries in /etc/group look like "internet:x:1001:", so look the group up by name)
if ! getent group internet > /dev/null; then
    sudo groupadd internet
fi
# clear previous rules (flushes every chain in the filter table, not only OUTPUT)
sudo iptables -F
# accept packets for internet group
sudo iptables -A OUTPUT -p tcp -m owner --gid-owner internet -j ACCEPT
# also allow local connections
sudo iptables -A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d 10.0.0.106/24 -j ACCEPT # Use your LAN ip
# reject packets for other users
sudo iptables -A OUTPUT -p tcp -j REJECT
# open a shell with internet access
sudo -g internet -s
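
A way to check that the loaded rules match what the script intends, added here as an example that is not part of the gist: the function reads rule lines in `iptables -S OUTPUT` format and reports a missing or misordered group rule, and the fact that UDP is left open. The function name, finding strings and sample rule lines (including gid 1001) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist: audit OUTPUT rules in `iptables -S` format.
# Reads rule lines on stdin and prints one finding per line (no output = no findings).
audit_output_rules() {
    awk '
    /^-P OUTPUT DROP/ { policy_drop = 1 }
    /^-A OUTPUT / {
        n++
        # first ACCEPT keyed on the socket owner group
        if (!gid && /--gid-owner/ && /-j ACCEPT/) gid = n
        # first TCP REJECT/DROP with no destination restriction (the catch-all)
        if (!rej && /-p tcp/ && /-j (REJECT|DROP)/ && !/ -d /) rej = n
        # any rule that blocks UDP at all
        if (/-p udp/ && /-j (REJECT|DROP)/) udp = 1
    }
    END {
        if (!gid) print "MISSING: no --gid-owner ACCEPT rule"
        if (!rej && !policy_drop) print "MISSING: no catch-all tcp REJECT/DROP rule"
        if (gid && rej && rej < gid) print "ORDER: tcp REJECT precedes the --gid-owner ACCEPT"
        if (!udp && !policy_drop) print "GAP: udp output is unrestricted for all groups"
    }'
}

# Constructed sample: the rules this script loads, as `iptables -S OUTPUT` would list them.
GIST_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --gid-owner 1001 -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp -j ACCEPT
-A OUTPUT -d 10.0.0.0/24 -p tcp -j ACCEPT
-A OUTPUT -p tcp -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: same rules with the REJECT appended first, so nothing gets out.
MISORDERED_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m owner --gid-owner 1001 -j ACCEPT'

echo "gist rules:"
printf '%s\n' "$GIST_RULES" | audit_output_rules
echo "misordered rules:"
printf '%s\n' "$MISORDERED_RULES" | audit_output_rules
```

On a live host, feed it the real chain with `sudo iptables -S OUTPUT | audit_output_rules`.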