So I often have to install and test different programs. I do not want programs to access the Internet immediately. After a while I might want to allow it, so it should be easy to allow or disallow internet access at the application level.

Basically I wonder if there is an easy way to do this. It seems that OpenSnitch can do this, but it doesn’t seem to work on OpenSuse. I might be able to get it to work eventually, but before I spend hours tinkering with it, do you know of a better solution? Might this even be possible with the built-in firewall or AppArmor?

  • @sandalbucket
    link
    76 months ago

    Use network namespaces :)

    A brand new network namespace doesn’t have any network interfaces. When you start a process in a namespace, all its child processes will start there too. It’s like a little network jail, and the functionality is baked into the kernel / is kernel enforced.

    I use this to keep certain processes on a vpn, with no need for interface-binding support from the process, or a vpn-killswitch.

    Another fun fact, this is the functionality that enables containerization, like docker/podman