condnet - per-process firewall kind of thing

condnet is an LD_PRELOADable wrapper that can be used to prevent (to a degree) a single process from accessing the network. In this way, it can be used to create a firewalled environment for that one process. In addition to blocking traffic, it can alter/spoof name server queries.


As of 2 January 2015, condnet hooks only the following calls.

Experimental version

Source packages whose name contains the string “experimental” are even more incomplete and unsafe. Use at your own peril. Experimental features (may) include:


This LD_PRELOAD hack works by providing its own entry points for a few commonly used libc calls, which the dynamic linker resolves ahead of libc's, and taking over from there. If the application uses dlopen and dlsym to find the functions itself, condnet is powerless. Also, not all network-related calls are wrapped.
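To show what such an entry point looks like, here is an added example of a minimal condnet-style shim. It is not condnet's own code; the policy (allow AF_UNIX and loopback destinations, block everything else) and the function names condnet_policy_allows and condnet_allows_ipv4 are assumptions made for this example. It interposes connect(), consults the policy, and reaches the real libc connect() through dlsym(RTLD_NEXT) only when the destination is allowed.

```c
/* Added example: a condnet-style LD_PRELOAD shim for connect().
 * Build: gcc -shared -fPIC -o netguard.so netguard.c -ldl
 * Use:   LD_PRELOAD=./netguard.so some-program
 * Policy (assumed for this example): allow AF_UNIX and loopback, block everything else.
 * Caveat: like condnet, this only catches calls that go through the libc symbol;
 * a program that resolves connect() via dlsym or issues the raw syscall bypasses it. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1l)   /* glibc's value; <dlfcn.h> defines it under _GNU_SOURCE */
#endif

/* Policy decision for one destination address. Returns 1 to allow, 0 to block. */
int condnet_policy_allows(const struct sockaddr *addr, socklen_t len)
{
    if (addr == NULL)
        return 0;
    switch (addr->sa_family) {
    case AF_UNIX:
        return 1;                               /* local IPC is not "network" here */
    case AF_INET: {
        if (len < sizeof(struct sockaddr_in))
            return 0;
        const struct sockaddr_in *in = (const struct sockaddr_in *)addr;
        uint32_t host = ntohl(in->sin_addr.s_addr);
        return (host >> 24) == 127;             /* 127.0.0.0/8 only */
    }
    case AF_INET6: {
        if (len < sizeof(struct sockaddr_in6))
            return 0;
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)addr;
        return IN6_IS_ADDR_LOOPBACK(&in6->sin6_addr);
    }
    default:
        return 0;                               /* unknown families are blocked, not passed through */
    }
}

/* Convenience wrapper: policy decision for a dotted-quad IPv4 destination (constructed input). */
int condnet_allows_ipv4(const char *dotted)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    if (inet_pton(AF_INET, dotted, &sin.sin_addr) != 1)
        return 0;                               /* unparsable address: fail closed */
    return condnet_policy_allows((const struct sockaddr *)&sin, sizeof sin);
}

/* Interposed connect(): because this library is loaded first, the program's calls land here.
 * The real libc connect() is looked up once with dlsym(RTLD_NEXT) and used only when allowed. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    static int (*real_connect)(int, const struct sockaddr *, socklen_t);
    if (!real_connect)
        real_connect = dlsym(RTLD_NEXT, "connect");

    if (!condnet_policy_allows(addr, len)) {
        char buf[INET6_ADDRSTRLEN] = "?";
        if (addr && addr->sa_family == AF_INET)
            inet_ntop(AF_INET, &((const struct sockaddr_in *)addr)->sin_addr, buf, sizeof buf);
        else if (addr && addr->sa_family == AF_INET6)
            inet_ntop(AF_INET6, &((const struct sockaddr_in6 *)addr)->sin6_addr, buf, sizeof buf);
        fprintf(stderr, "netguard: blocked connect(fd=%d) to %s\n", fd, buf);
        errno = EACCES;                         /* the caller sees a firewall-like rejection */
        return -1;
    }
    return real_connect(fd, addr, len);
}
```

The shim fails closed: anything it cannot classify (NULL address, short length, unknown family, unparsable text) is rejected rather than forwarded. The log line on stderr is what makes the wrapper useful for observation as well as blocking, since it shows which destinations a process tried to reach.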


There is no documentation for the thing, but taking a look at the sources should help. Also be sure to check the file named run in the sources for my brief personal memos.


If you don’t know how to compile or use it, you either don’t need or don’t want this. If you insist, see the file named run in the package.


Sources here.