How to disable all networking for a running process in Linux?

Asked Jan 22 '24 at 18:38

Active Jan 22 '24 at 18:38

Viewed 74 times

What is the least convoluted way to do it? To start a process with no networking, unshare -n -r does the job reliably.

asked Jan 22 '24 at 18:38

1

I'm not sure there's a good way to do this. You can't move a process into another network namespace, so you can't accomplish the exact equivalent of your unshare command. Standard iptables or nftables does not have the ability to block traffic by pid. This answer suggests moving the process into a cgroup and then blocking network access for that cgroup. – larsks Jan 22 '24 at 23:23
3

Does this answer your question? how to unshare network for current process – A.B Jan 22 '24 at 23:51
Can't say it's least convoluted, but it's the nearest goal, since it does as what is asked. – A.B Jan 22 '24 at 23:53
@A.B Thank you for the link! I will attempt that method and report back. :) – Cigarette Smoking Man Jan 23 '24 at 11:39
The answer that @larsks shared seems to me like the cleanest most reliable way, much better than the gdb solution. – aviro Jan 23 '24 at 13:26
4

Does this answer your question? Block network access of a process? – MC68020 Jan 23 '24 at 14:55
@MC68020 It's already linked from the first comment by larsks. And to answer: it might, will try. – Cigarette Smoking Man Jan 23 '24 at 16:56

0 Answers0