Code:
ALL ALL=(:no-networking) NOPASSWD:SETENV: ALL
Code:
sudo -g no-networking COMMAND [ARGUMENT]...
ericpruitt wrote: ↑2023-11-01 04:20
[..] I want to create a Debian package that includes the firewall rules to simplify installing them on other systems. What's the correct way to package network rules?

The distribution of configurations to managed computers is not necessarily done by distributing packages. It can be done by configuration packages, in any way.

ericpruitt wrote: ↑2023-11-01 04:20
Is there a way I can do that will still work regardless of whether the system uses raw iptables, ufw, firewalld, etc.?

There isn't a single program to rule them all. If none of them are installed, it can be done using iptables/netfilter.

lindi wrote: ↑2023-11-03 21:59
Why are you trying to block network traffic here? I can think of many ways to bypass the blocking that you are using (for example "systemd-run --user curl https://ifconfig.me").

Yes, I realize there are ways to get around this including cron and atd to name a couple of other options. My use case is blocking network access to reduce casual telemetry and old software trying to make outgoing connections to internet services that no longer exist (which is a problem for some older commercial titles I run under Wine). It's NOT intended as protection against malicious software. That being said, iptables has the ability to block traffic using supplementary groups using "--suppl-group" which would reduce the number of avenues for making outgoing connections if the user in question was a member of the group being blocked.
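
The group-based block discussed in the last post, as an added example that is not code from the thread: a POSIX shell script that builds the owner-match rule for the no-networking group and installs it idempotently for IPv4 and IPv6. The function names, the loopback exemption and the REJECT target are assumptions; the option is spelled `--suppl-groups` in iptables-extensions(8).

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the group is the
# "no-networking" group from the sudoers rule; loopback stays open;
# traffic is rejected rather than silently dropped.

# Print the rule (chain + match + target) for GROUP. SUPPL=1 adds
# --suppl-groups so membership via a supplementary group also matches.
rule_spec() {
    group=$1
    suppl=${2:-0}
    # The spec is later expanded unquoted, so refuse anything that
    # could smuggle extra iptables arguments in through the name.
    case $group in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad group name: $group" >&2; return 1 ;;
    esac
    spec="OUTPUT ! -o lo -m owner --gid-owner $group"
    if [ "$suppl" = 1 ]; then spec="$spec --suppl-groups"; fi
    printf '%s -j REJECT\n' "$spec"
}

# Install the rule for IPv4 and IPv6. Dry run unless APPLY=1 (root needed).
# -C looks for an identical rule first, so re-running adds no duplicates.
install_rules() {
    spec=$(rule_spec "$1" "${2:-0}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        getent group "$1" >/dev/null || { echo "no such group: $1" >&2; return 1; }
    fi
    for ipt in iptables ip6tables; do
        if [ "${APPLY:-0}" = 1 ]; then
            # shellcheck disable=SC2086  # $spec is an argument list
            $ipt -w -C $spec 2>/dev/null || $ipt -w -A $spec
        else
            echo "$ipt -w -C $spec || $ipt -w -A $spec"
        fi
    done
}

# Dry run: print the commands that APPLY=1 would execute.
install_rules no-networking 1
```

Without the second argument the rule matches only processes whose primary group is no-networking, which is what `sudo -g no-networking` produces.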