block outgoing internet traffic in wine

Opako · Post by **Opako** » Fri Oct 02, 2020 8:45 am

Hello,

In my wine prefix I have installed some programs.
I don't want any of these programs to send anything to the Internet. Is there a way to configure the Wine prefix to block all outgoing traffic?

Thank you.

artix · Post by **artix** » Fri Oct 02, 2020 12:18 pm

You just can block all traffic with ufw while you are playing:

Code: Select all

sudo ufw default deny outgoing

But if you need Internet while you are playing, I will tell you what I do.
I do the opposite.
I block all incoming, outgoing and forward connections with ufw.
Then create a group that has internet access.
And I start my applications that need internet access like this: sg myinternetgroup -c "chrome"

---
install and enable ufw

Code: Select all

sudo ufw default deny incoming
sudo ufw default deny outgoing

create an internet group

Code: Select all

sudo groupadd myinternetgroup
sudo usermod -a -G myinternetgroup $USER

and make this rule permanent.

Code: Select all

iptables -I OUTPUT 1 -m owner --gid-owner myinternetgroup -j ACCEPT

---

It's probably not the best solution, doesn't work with some command like pacman, in this case I have to temporary allow all outgoing connections.
So I will be watching to see if anyone has a better solution than this or blocking every ip.

jkfloris · Post by **jkfloris** » Fri Oct 02, 2020 1:16 pm

Wine Is Not a Emulator.
You can use your Linux firewall to block the application.

Opako · Post by **Opako** » Fri Oct 02, 2020 1:37 pm

@jkfloris
This is wrong. I have asked this question, because we can not block wine with the Linux firewall. It is possible in windows, with a windows firewall, because windows firewalls do have layer 7, but linux firewalls do not have layer 7. With Linux firewalls you can only block ports for all programs and not for particular programs.

Of course you can block all ports before starting your wine program. And you can open the ports again, after having closed your wine program, but this is not what I am asking for.

I am asking for a solution in any wine setting/config file.

artix · Post by **artix** » Fri Oct 02, 2020 3:24 pm

I found an easier solution.

add this to the kernel parameters:

Code: Select all

CONFIG_NET_NS=y

and start wine like this:

Code: Select all

unshare -r -n wine /path/to/your/program.exe

I did some tests and it works for me.
source: https://unix.stackexchange.com/question ... -a-process

jkfloris · Post by **jkfloris** » Fri Oct 02, 2020 4:30 pm

There are Linux firewalls that can block applications:
https://github.com/gustavo-iniguez-goya/opensnitch
https://gitlab.com/douaneapp

Or run Wine with a different group ID and block that group in the firewall
https://askubuntu.com/questions/19346/h ... plications

Opako · Post by **Opako** » Fri Oct 02, 2020 4:48 pm

@artix
I have not seen your post until now. Thank you for the detailed description. Yes, this could be an emergency solution.
But maybe there is a solution with any wine config/setting file?

@jkfloris
I see. Thank you for the links. I only have known firewalls like Gufw.

madewokherd · Post by **madewokherd** » Tue Oct 06, 2020 3:54 pm

Wine does not have any builtin ability to block network traffic.

Opako · Post by **Opako** » Wed Oct 07, 2020 2:37 pm

Thank you @madewokherd to have this said so clearly.

block outgoing internet traffic in wine

block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine

Re: block outgoing internet traffic in wine