
Tutorial Unity How to block internet from any Unity or any other game or application.

FinderX

Jan 15, 2018
This is a tutorial on how to block the internet for any Unity game or any application in general.
This is intended for Linux; the later steps use Lutris.
I'm making this thread for the same reason that I don't trust Unity with my usage data and for my privacy.

All the commands are run as root; you can use sudo -i, for example, to switch to the root user.

1- Create a new group no-internet

Bash:
groupadd no-internet
2- Check the recently created group

Bash:
grep no-internet /etc/group
3- Add a new user or an existing user to no-internet group

New user:
Bash:
useradd -g no-internet <new_user_name>
Existing user:
Bash:
usermod -a -G no-internet <your_user_name>
4- Check the user groups

Bash:
groups <user_name>
5- Create a script in your path and make it executable

Use your preferred text editor; in this case we use nano.
Bash:
nano /home/<user_name>/bin/no-internet
Content of script:
Bash:
    #!/bin/bash
    sg no-internet "$*"
Make the file executable.
Bash:
chmod 755 /home/<user_name>/bin/no-internet
6- Add iptables rule for dropping network activity for group no-internet

Bash:
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
If you want to make an exception and allow a program to access the local network (here 192.168.1.0/24 and the loopback range):
Bash:
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -d 192.168.1.0/24 -j ACCEPT
iptables -I OUTPUT 2 -m owner --gid-owner no-internet -d 127.0.0.0/8 -j ACCEPT
iptables -I OUTPUT 3 -m owner --gid-owner no-internet -j DROP
Check it, for example on Firefox by running:
Bash:
no-internet firefox
7- Check your iptables rules
iptables works the same way as route on Windows: the rules are not persistent, so if you get something wrong you can reboot and the iptables rules return to their defaults.
So to make the rules permanent you need to create a few files.

You can check your iptables using
Bash:
iptables --list
This will output a lot of text; you can filter it down to the chain we are interested in: OUTPUT

Bash:
iptables --list OUTPUT
You will notice that, if you followed this guide, our rule is in the first position, and if you are using the UFW firewall you will also see a lot of rules with its prefix.
Just be careful not to mess with those UFW rules, because that may make your firewall useless.

8- Backup your iptables rules
First of all, if your iptables rules work as intended, make a backup of them so we can work with it in the next steps.

Bash:
    iptables-save > /etc/network/iptables.ipv4.rules
    ip6tables-save > /etc/network/iptables.ipv6.rules
9- Make an automated backup of iptables rules
Now we need to automate the previous step, so that on the next reboot the rules can be loaded back into iptables.

Create the following script file.
It will be executed after the network interface goes down, generally on a reboot or shutdown. Hence if-post-down.
Bash:
nano /etc/network/if-post-down.d/iptables_save_rules
Inside copy this code.
Bash:
    #!/bin/sh
    iptables-save -c > /etc/network/iptables.ipv4.rules
    ip6tables-save -c > /etc/network/iptables.ipv6.rules
    exit 0
Make the file executable.
Bash:
chmod +x /etc/network/if-post-down.d/iptables_save_rules
10- Make an automated restore of iptables rules
To restore the iptables rules when we return to our PC, we need to create another script.
It will be executed before the network interface comes up, generally when we turn on the PC. Hence if-pre-up.
Bash:
nano /etc/network/if-pre-up.d/iptables_restore_rules
Inside copy this code.
Bash:
    #!/bin/sh
    if [ -f /etc/network/iptables.ipv4.rules ]; then
        iptables-restore < /etc/network/iptables.ipv4.rules
    fi
    if [ -f /etc/network/iptables.ipv6.rules ]; then
        ip6tables-restore < /etc/network/iptables.ipv6.rules
    fi
    exit 0
Make the file executable.
Bash:
chmod +x /etc/network/if-pre-up.d/iptables_restore_rules
11- Using Lutris with no-internet
This is a lot easier after everything we have done so far.
Open Lutris and go to an existing game, or install a new game, go to Configure, go to System Options and then scroll down to Command Prefix.
Add only no-internet and then Save.
Run the game and check whether it can still connect to the web.

12- If all is successful make Lutris defaults run with no-internet
Open Lutris; in the left-hand column you will see a section called Runners. Hover the mouse over Wine and click the cogwheel (Configure).
This is where all the defaults for Wine are set up, so go to System Options, scroll down to Command Prefix and add no-internet.

13- Known issue
With this approach there is one issue with Lutris: the path to the game's executable must not contain whitespace, because of how the script interacts with the shell.
Passing the command through lutris > no-internet > sg makes the shell interpret the quotes around the strings, and they are lost in the following steps, so the only problem is spaces within names.

So for this to work correctly with Lutris, the path needs to be free of spaces.
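The known issue in step 13 comes from "$*" joining every argument into one string, which sg then hands to /bin/sh to be split again on spaces. The following is an added example, not part of the original post, of a wrapper that quotes each argument before building that string; the helper names sh_quote and build_command are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): no-internet wrapper that
# keeps arguments containing spaces intact. Helper names are hypothetical.

# Wrap one argument in single quotes for /bin/sh; an embedded ' becomes '\''.
# Trailing newlines in an argument are lost to command substitution.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Join all arguments into one command string, each quoted on its own.
build_command() (
    out=""
    for arg in "$@"; do
        out="$out$(sh_quote "$arg") "
    done
    printf '%s' "${out% }"
)

# sg passes this single string to /bin/sh, which now sees the original words.
if [ "$#" -gt 0 ]; then
    exec sg no-internet "$(build_command "$@")"
fi
```

Saved in place of the two-line script from step 5, this lets the Lutris Command Prefix stay as no-internet even when the game path contains spaces.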
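The rule in step 6 is added with iptables only, which filters IPv4; the ip6tables dump saved in step 8 never receives a matching rule, so a program in the group can still send traffic over IPv6. The following is an added example, not part of the original post, that classifies a saved dump for one group; the function name audit_rules, the sample dumps and the GID 1001 are constructed for illustration (iptables-save writes the group as a number).

```sh
#!/bin/sh
# Added example (not from the original post). Reads an iptables-save dump on
# stdin and reports how the OUTPUT chain treats the numeric GID given as $1.
# Only rules matched on that group are examined; earlier unrelated rules
# that accept traffic are not taken into account.
audit_rules() {
    awk -v gid="$1" '
    { sub(/^\[[0-9]+:[0-9]+\] /, "") }      # strip counters written by "-c"
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        owner = 0; dest = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--gid-owner" && $(i + 1) == gid) owner = 1
            if ($i == "-d") dest = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (!owner) next
        if (dest) { if (target == "ACCEPT") exceptions = 1; next }
        if (target == "DROP")
            verdict = exceptions ? "blocked-with-exceptions" : "blocked"
        else
            verdict = "not-blocked"
        exit
    }
    END { print (verdict == "" ? "not-blocked" : verdict) }'
}

# Constructed sample dumps; 1001 stands in for the GID of no-internet.
V4_RULES='*filter
:OUTPUT ACCEPT [0:0]
[12:720] -A OUTPUT -d 192.168.1.0/24 -m owner --gid-owner 1001 -j ACCEPT
[3:180] -A OUTPUT -d 127.0.0.0/8 -m owner --gid-owner 1001 -j ACCEPT
[40:2400] -A OUTPUT -m owner --gid-owner 1001 -j DROP
COMMIT'
V6_RULES='*filter
:OUTPUT ACCEPT [0:0]
COMMIT'

printf 'IPv4: %s\n' "$(printf '%s\n' "$V4_RULES" | audit_rules 1001)"
printf 'IPv6: %s\n' "$(printf '%s\n' "$V6_RULES" | audit_rules 1001)"
```

On a real system, feed it /etc/network/iptables.ipv4.rules and /etc/network/iptables.ipv6.rules with the GID shown by grep no-internet /etc/group. A not-blocked result for the IPv6 file means the same rule from step 6 still has to be added with ip6tables.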