sdbondi
8/14/2012 - 10:26 AM

Control internet traffic when using a capped/restricted connection in Ubuntu/Debian

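#!/bin/sh
# Thanks to Toby Kurien for this awesome trick
#
# Restricts outbound TCP to processes running with the "internet" group.
# Run this script, then any applications launched from the shell it opens
# will have access to the internet; anything else will not be able to connect.
# To create another terminal with internet access use 'sudo -g internet -s'.
# NOTE: This script will create an "internet" group if one doesn't exist.
#
# Scope of the filter (read before relying on it as a control):
#   - Only IPv4 TCP is filtered. UDP (DNS, QUIC, ...), ICMP and all IPv6
#     traffic are not matched by any rule below and still leave the host.
#   - 'iptables -F' flushes every chain of the filter table, so INPUT and
#     FORWARD rules installed by another firewall tool are removed as well.
#   - Nothing here saves the rules; they live only in the running kernel.
#
# Environment:
#   LAN_NET - local network to keep reachable (default 10.0.0.106/24).

# Use your LAN ip
LAN_NET=${LAN_NET:-10.0.0.106/24}

# Firewall apps - only allow apps run from "internet" group to connect.
# /etc/group lines have the form "name:x:gid:members", so a pattern anchored
# as "^internet$" never matches; ask the group database directly instead.
if ! getent group internet > /dev/null 2>&1; then
  # Stop before touching the firewall if the group cannot be created;
  # otherwise the rules would be flushed and the owner match below would fail.
  sudo groupadd internet || {
    printf '%s\n' 'could not create group "internet"; firewall left unchanged' >&2
    exit 1
  }
fi

# clear previous rules (all chains in the filter table, see header note)
sudo iptables -F

# accept packets for internet group
sudo iptables -A OUTPUT -p tcp -m owner --gid-owner internet -j ACCEPT

# also allow local connections
sudo iptables -A OUTPUT -p tcp -d 127.0.0.1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d "$LAN_NET" -j ACCEPT

# reject packets for other users (TCP only; other protocols are untouched)
sudo iptables -A OUTPUT -p tcp -j REJECT

# open a shell with internet access
sudo -g internet -s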