- Jan 15, 2018
This is a tutorial on how to block the internet for any Unity game or any application in general.
This is intended for Linux and later using Lutris.
I'm making this thread for the same reason that I don't trust Unity with my usage data and for my privacy.
All the commands are run as root. You can use, for example,
sudo -i
to switch to the root user.
1- Create a new group no-internet
Bash:
groupadd no-internet
2- Check the recently created group
Bash:
grep no-internet /etc/group
3- Add a new user or an existing user to no-internet group
New user:
Bash:
useradd -g no-internet <new_user_name>
Existing user:
Bash:
usermod -a -G no-internet <your_user_name>
4- Check the user groups
Bash:
groups <user_name>
5- Create a script in your path and make it executable
Use your preferred text editor, in this case we use nano.
Bash:
nano /home/<user_name>/bin/no-internet
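Content of script:
Bash:
#!/bin/bash
# Run the given command line with no-internet as the effective group
sg no-internet "$*"
Make the file executable.
Bash: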
chmod 755 /home/<user_name>/bin/no-internet
6- Add iptables rule for dropping network activity for group no-internet
Bash:
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
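In case you want to make an exception and allow a program to access the local network:
Bash:
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -d 192.168.1.0/24 -j ACCEPT
iptables -I OUTPUT 2 -m owner --gid-owner no-internet -d 127.0.0.0/8 -j ACCEPT
iptables -I OUTPUT 3 -m owner --gid-owner no-internet -j DROP
Check it, for example with Firefox, by running:
Bash: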
no-internet firefox
7- Check your iptables rules
Iptables works the same as route in Windows: if you get it wrong, you can reboot and the iptables rules return to default.
So to make the rules permanent you need to create some files.
You can check your iptables rules using
Bash:
iptables --list
This outputs a lot of text; you can filter by the chain we are interested in, OUTPUT:
Bash:
iptables --list OUTPUT
Note that if you followed this guide, our rule is in the first position, and if you are using the UFW firewall you will see a lot of rules with its prefix.
Just be careful not to mess around with those UFW rules, because this may make your firewall useless.
8- Backup your iptables rules
Before anything else, if your iptables rules work as intended, make a backup of the rules so we can work with them in the next steps.
Bash:
iptables-save > /etc/network/iptables.ipv4.rules
ip6tables-save > /etc/network/iptables.ipv6.rules
9- Make an automated backup of iptables rules
Now we need to automate the previous step, so that on the next reboot the rules are loaded into iptables.
Make the following script file.
This will execute after the network interface goes down, generally on a reboot or shutdown. Hence the if-post-down.
Bash:
nano /etc/network/if-post-down.d/iptables_save_rules
Inside copy this code.
Bash:
#!/bin/sh
iptables-save -c > /etc/network/iptables.ipv4.rules
ip6tables-save -c > /etc/network/iptables.ipv6.rules
exit 0
Make the file executable.
Bash:
chmod +x /etc/network/if-post-down.d/iptables_save_rules
10- Make an automated restore of iptables rules
To restore the iptables rules when we return to our PC, we need to make another script.
This will execute before the network interface comes up, generally when we turn on our PC. Hence the if-pre-up.
Bash:
nano /etc/network/if-pre-up.d/iptables_restore_rules
Inside copy this code.
Bash:
#!/bin/sh
if [ -f /etc/network/iptables.ipv4.rules ]; then
    iptables-restore < /etc/network/iptables.ipv4.rules
fi
if [ -f /etc/network/iptables.ipv6.rules ]; then
    ip6tables-restore < /etc/network/iptables.ipv6.rules
fi
exit 0
Make the file executable.
Bash:
chmod +x /etc/network/if-pre-up.d/iptables_restore_rules
11- Using Lutris with no-internet
This is a lot easier after all we have done so far.
Open Lutris and go to an existing game, or install a new game, go to Configure, go to System Options and then scroll down to Command Prefix.
Add only no-internet and then Save.
Check whether the game connects to the web.
12- If all is successful make Lutris defaults run with no-internet
Open Lutris and in the left side column you will see a section called Runners. Hover the mouse over Wine and go to the cogwheel, Configure.
Here is where all the defaults for Wine are set up, so we need to go to System Options, scroll down to Command Prefix and add no-internet.
13- Known issue
With this approach there is one issue with Lutris: the path to the executable of the game must not contain whitespace, because of the shell interactions of the script.
The passage of lutris > no-internet > sg makes the shell interpret the string's quotes and lose them in the next steps, so the only problem is the spaces in between names.
So for this to work correctly with Lutris, the path needs to be without spaces.
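A quoting-safe variant of the step 5 wrapper, as an added example that is not part of the original post: it single-quotes each argument before handing the command string to sg, so a path with spaces survives the lutris > no-internet > sg chain. The function names quote_args and words_seen are chosen for this sketch, and it assumes sg runs the string through /bin/sh and that the no-internet group from step 1 exists.

```sh
#!/bin/sh
# Added example: quoting-safe variant of the no-internet wrapper.
# Assumes the no-internet group and the iptables rule from step 6 exist.

# Single-quote every argument so that /bin/sh, which sg uses to run the
# command string, re-parses each argument as exactly one word.
quote_args() {
    qa_out=""
    for qa_arg in "$@"; do
        # Inside single quotes only ' is special: close, escape, reopen.
        qa_esc=$(printf '%s' "$qa_arg" | sed "s/'/'\\\\''/g")
        qa_out="$qa_out '$qa_esc'"
    done
    printf '%s' "${qa_out# }"
}

# Number of words /bin/sh sees when it re-parses a command string,
# which is what happens to the string handed to sg.
words_seen() {
    sh -c "set -- $1; printf '%s' \"\$#\""
}

# Hand off to sg only when a command was given, as Lutris does with the
# Command Prefix: no-internet "/path/with spaces/game.exe" args...
if [ "$#" -gt 0 ]; then
    exec sg no-internet "$(quote_args "$@")"
fi
```

With "$*" the path /games/My Game/game.exe reaches the shell as two words; after quote_args it is one.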