On Sunday 09 January 2022 10:35:55 am William Morder via tde-users wrote: Link: https://serverfault.com/questions/550276/how-to-block-internet-access-to-ce rtain-programs-on-linux I had an issue with the instructions in the above link. Including my (programmer pidgin) notes as well, which should allow you to just find/replace michael for your username. Best, Michael Block internet access :As root: iptables -L cat /etc/group groupadd nointernet cat /etc/group usermod -a -G nointernet michael ll /usr/bin/no* nano /usr/bin/nointernet chmod +x /usr/bin/nointernet ll /etc/network/if-pre-up.d nano /etc/network/if-pre-up.d/iptables_nointernet_rule ll /etc/network/if-pre-up.d/iptables_nointernet_rule chmod +x /etc/network/if-pre-up.d/iptables_nointernet_rule ll /etc/network/if-pre-up.d/iptables_nointernet_rule ll /usr/bin/no* cat /etc/network/if-pre-up.d/iptables_nointernet_rule /etc/network/if-pre-up.d/iptables_nointernet_rule # cat /etc/network/if-pre-up.d/iptables_nointernet_rule #!/bin/bash # iptables -A OUTPUT -m owner --gid-owner nointernet -j DROP iptables -I OUTPUT 1 -m owner --gid-owner nointernet -j DROP # cat /usr/bin/nointernet #!/bin/bash COMMAND="$1" shift for arg; do COMMAND="$COMMAND \"$arg\"" done sg nointernet "$COMMAND" :Menu Entry nointernet smplayer %U Notes: NAME sg - execute command as different group ID SYNOPSIS sg [-] [group [-c ] command] DESCRIPTION The sg command works similar to newgrp but accepts a command. The command will be executed with the /bin/sh shell. With most shells you may run sg from, you need to enclose multi-word commands in quotes. Another difference between newgrp and sg is that some shells treat newgrp specially, replacing themselves with a new instance of a shell that newgrp creates. This doesn't happen with sg, so upon exit from a sg command you are returned to your previous group ID.