denying internet access to a win32 app?

[graysky]

Is there an easy way I can disable a particular win32 app's ability to access the 'net with WINE such that it'll run, but without privs to use my 'net connection?

[vitamin]

Is there an easy way I can disable a particular win32 app's ability to access the 'net with WINE such that it'll run, but without privs to use my 'net connection?

No. Wine does not have such functionality.

[austin987]

On Thu, Nov 6, 2008 at 3:01 AM, graysky <[email protected]> wrote:

Is there an easy way I can disable a particular win32 app's ability to access the 'net with WINE such that it'll run, but without privs to use my 'net connection?

Same as you would any other *nix application. Use iptables/etc. to do this.

--
-Austin

[graysky]

Hate to necrobump a thread, but I'm still facing this issue under Wine 1.2 on my box. Is there a piece of wine I can disable to deny internet functionality to windows apps?

[James McKenzie]

graysky wrote:

Hate to necrobump a thread, but I'm still facing this issue under Wine 1.2 on my box. Is there a piece of wine I can disable to deny internet functionality to windows apps?

The question is not how but why? It is simple to disable Internet
access to Windows applications and I'll ask if you want to do this
across the entire Wine directory. It gets very complex if you want to
deny to one but allow another.

James McKenzie

[graysky]

I'd like to do it to simply keep some apps from connecting out. Can you teach me how to do it to all apps across the ~/.wine dir since you indicated that would be simple?

[graysky]

@James - any info you can provide on this is deeply appreciated.

[vitamin]

I'd like to do it to simply keep some apps from connecting out. Can you teach me how to do it to all apps across the ~/.wine dir since you indicated that would be simple?

Wine can't do that. Use iptables & other sandboxing techniques outside of Wine.

[graysky]

I understand that. To my knowledge, iptables blocks on a hosts or ports basis, but not on a program basis. For example, how would one block all outgoing traffic from any program under ~/.wine

[ryan woodsmall]

For example, how would one block all outgoing traffic from any program under ~/.wine

You can't do that AFAIK. iptables can block outgoing traffic based on user/group ID (at least with Shorewall fronting it). But this has nothing to do with Wine, so you'd be better off asking on an iptables-specific firewall mailing list/forum. -r

[dimesio]

I understand that. To my knowledge, iptables blocks on a hosts or ports basis, but not on a program basis. For example, how would one block all outgoing traffic from any program under ~/.wine

You need something like AppArmor or SELinux. How to use them is not a Wine question; ask on your distro support forum.

[vitamin]

iptables blocks on a hosts or ports basis, but not on a program basis.

And by user / group id. Then run wine under separate user account when you need to run win app with restricted network access.

In either case that's OT. Wine is not sand box and can't do what you want.

[James McKenzie]

graysky wrote:

@James - any info you can provide on this is deeply appreciated.

You can use AppArmor and block the entire Wine application.

However, it is far easier to just disconnect from the Internet when
playing 'those' games.

Wine is not and cannot be a 'sandbox'. It is a user space UNIX/Linux
application.

Again, you have not answered the 'why' question and I'm not really
interested anymore in an answer.

James McKenzie