How can I sabotage all networking functionality in a fedora system?

Tim ignored_mailbox at yahoo.com.au
Sun May 4 17:38:20 UTC 2014


Allegedly, on or about 04 May 2014, Someone sent:
> I'm planning to install a fedora system to a USB flash drive, and
> then give that to someone to boot their machine from. I don't have
> details on the hardware of the target machine, but I'd like to ensure
> that there's no network activity for the duration of their session in
> the environment.

And you can't simply get them to unplug the network cable?

Are you trying to protect them from some expected harm while resolving
some problem?

Without knowing what network hardware is on the PC, it's a bit hard to
block the modules or drivers that might be loaded.  You'd have to block
them all, to be sure.

A simpler method may be to turn on the firewall, or hard-code some
iptables rules, so that only 127.0.0.1 can communicate with itself.  I
think you will need to keep that going, or they'll never be able to do
anything with the computer (such as start X).

With prior releases, I would have run this script (below); I'm not sure
whether it covers any more recent changes to iptables.  See the man
page, but it seems to work on Fedora 17.  You can't even ping another PC
on the LAN using its numerical IP address.  The last line saves it as
the default iptables configuration, so after you've run this script just
the once, these rules will get loaded when the machine boots up.

#!/bin/bash

## Flush any pre-existing rules in the filter and nat tables:
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD

iptables --flush
iptables --table nat --flush

## Remove any user-defined chains (the built-in chains are unaffected):
iptables --delete-chain
iptables --table nat --delete-chain


## Set default (policy) rules: anything not explicitly accepted below
## is dropped, in both directions and for forwarded traffic.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

## It MAY be necessary to allow 127.0.0.1 traffic (X and many local
## daemons talk to themselves over loopback).  INPUT rules match on the
## incoming interface and OUTPUT rules on the outgoing one; iptables
## rejects --out-interface in the INPUT chain.
iptables --append INPUT --in-interface lo --source 127.0.0.0/8 --jump ACCEPT
iptables --append OUTPUT --out-interface lo --source 127.0.0.0/8 --jump ACCEPT

## Save as the default rule set the iptables service loads at boot:
iptables-save > /etc/sysconfig/iptables


-- 
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.