I know the PID of a specific process and I want to disable the Internet access for this process and only for this process, so other process can access Internet.
Is there any way to do it?
I googled some stuff and found a way to disable Internet for executable programs.
But I need, for example, to have two running chrome, one having access to Internet and other not.
You can try the following:
unshare. Seems to work fine for terminal programs. I'm unable to get it to work with X11.
unshare -r -n ping google.com
bubblewrap. This is the sandboxing tool used by Flatpak. I find it complicated to use directly.
bubblewrap. As far as I can tell, it is not currently available in Debian/Ubuntu repositories or PPAs, so you would have to build it yourself. Once installed, I find it much easier to setup and use than Firejail.Firejail. You might have to fiddle with the config to get it to work.
firejail --noprofile --net=none firefox
I've just had the same question and found a really nice solution on ubuntuforums.org
Summary
add a group "no-internet" and add your user to it
sudo addgroup no-internet
sudo adduser $USER no-internet
add a iptables rule to prevent that group from accessing the network:
iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
run the process you don't want to have internet access like with sg (execute command as different group ID):
sg no-internet "process command line"
I would recommend using firewall rules to lock that program out. If you can isolate the port numbers that the program is using you can block traffic on those ports. You can also set up "per process" firewall rules with SELinux or other security software.
https://help.ubuntu.com/community/Gufw
If you're looking for something a little more direct or challenging you can configure IPTables as documented here.
