Hello. I’m new to linux/openSUSE. I have it installed on a spare laptop and so far am really enjoying learning the ins and outs. I have one quick question about installing programs with Wine. If I install a Windows program (exe) using Wine, but don’t want it having ANY internet access, do I have to do anything else or is internet access cut off by default to wine apps? I have the firewall that comes with the OS turned on (on default settings). I hear it has very stringent settings but am not sure about this. Some of the programs will automatically attempt to connect to the internet without any user input / direction to do so. In Windows (what I run now), I have them manually blocked in Zonealarm. thnx for any help.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
wine-based applications, like everything on a SUSE system by default, can
access the Internet. The firewall, by default, blocks all incoming
traffic but does not block outgoing traffic. Outgoing blocking is useful
if you have evil applications installed that you didn’t mean to install,
or that you did mean to install but that are evil (a questionable practice
on your main system). You can block outgoing data but if the software you
are using is not trustworthy I wouldn’t run it in anything other than a
virtual system (not even in an emulator like wine).
In the meantime you may want to do something like the following which uses
NetFilter (for which the iptables command is useful):
Good luck.
On 06/26/2011 11:36 PM, ENUsteve wrote:
>
> Hello. I’m new to linux/openSUSE. I have it installed on a spare laptop
> and so far am really enjoying learning the ins and outs. I have one
> quick question about installing programs with Wine. If I install a
> Windows program (exe) using Wine, but don’t want it having ANY internet
> access, do I have to do anything else or is internet access cut off by
> default to wine apps? I have the firewall that comes with the OS turned
> on (on default settings). I hear it has very stringent settings but am
> not sure about this. Some of the programs will automatically attempt to
> connect to the internet without any user input / direction to do so. In
> Windows (what I run now), I have them manually blocked in Zonealarm.
> thnx for any help.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOCBxtAAoJEF+XTK08PnB5voMQALbPLh2nnd+N5X9KBJ6BOIQP
Tvkgmw8uv1SdhsQY+Ij80/YZFKMhdW4/FMpWIkxZH1f7lgu7XCxVI3ssZn/qibck
ozCsZVehoQXTL2U50uPICYSw8AJfKQkxLQy4VgdEJo1zCU8jl/AsxGjGOz0R++C2
wZTCPqUCFXSuSEhvRG2x1NwQfBNnSNMlUmCaqvplH0pbJle9bjHeiATN2QxFPXaK
oDDZySOUW84wAsa/Hwd1f7UAx51uE3Q19t+BdjZxMNK6aUr7I31Idke1N39G+qnx
IGXcauyb8nqMEDZhM2zNab0qD5N3vC0h+cdoLfwD1iLFqHzb3lmqHmEF+hglO/N1
m8xdw0Y+XyLp4QrmDh33Z6OLqveDHUQDIfRIJrNkLwwImF/0WPQaJUcPjv2ll4YB
YyVvu+275FBPHoiJCcVuNYSqNJiBSRilCGyVAFgdRT8CYkpadA0EEIEEky0sIJMY
dZ6RKnGxOgBiCiIqHYaiEKOKvtu83brE1NjyQaSiCUZtPHNcDcGJjkfS8r5NRz2F
ywsjxAz9FDmTJH1tkjSre8gkUmgwDDbS9cGaY7qyW3meSeU09aV8SmwSYvPrm4o7
mNjtQrVekrFWcimhlrPDR2Kd7oVSKRyfzhsuu7hmyOalgQt4z38Xq0zWaoD0jMfi
L/QZwhP8U+Qq/KJ1crIh
=/8dW
-----END PGP SIGNATURE-----
Thank you for the response, ab. If I understand that link correctly, does that mean it is actually not possible to filter internet access on a “per application” basis … but instead, this would have to be done on a “per user” basis. ie- create a user with no internet access, then use that account to run the programs? I assume there is a command for that instead of manually logging out then logging in again?
It actually might not be a bad idea. It might be interesting to do the exact opposite … ie- making my actual log-in account completely devoid of any inbound or outbound connection so that nothing can access or be accessed by the network. Then creating a user with internet access and using that user only for things like firefox, etc? Is there a way to associate a user with an application’s icon so that when clicked, the icon is opened with that user (who is not currently logged in)? Or am I misunderstanding this completely? (If that is a dumb question, please keep in mind, I’m a novice to linux and am just starting to learn now).
I thought I found for a moment something that did what I wanted, at least from it’s screenshot, but unfortunately it seems to have been abandoned in 2006: TuxGuardian - An application-based firewall
Yes I think it’s possible but would require a lot of work and is a bit paranoid way to secure yourself (my personal opinion). Keep in mind that by default Linux is very safe and much safer than any other OS at the moment. The command You can use for switching to other users without logging out is :
su - username_you_want_to_switch_to
But if You really are so much into security be sure to check out AppArmor and create some custom profiles which will confine the things particular applications can do the way You want it to.
Best regards,
Greg