condnet - per-process firewall kind of thing

condnet is an LD_PRELOAD-able wrapper that can be used to prevent (to a degree) a single process from accessing the network. In that sense it can be used to create a firewalled environment for one process. In addition to blocking traffic, it can alter or spoof name server queries.

Features

As of 2 January 2015, condnet hooks only the following calls.

Experimental version

Source package(s) whose name contains the string “experimental” are even more incomplete and unsafe. Use at your own peril. Experimental features may include:

Limitation

This LD_PRELOAD hack works by providing its own entry points for a few commonly used libc calls and taking over from there. If the application uses dlopen and dlsym to locate those functions itself, condnet is powerless. Also, not all network-related calls are wrapped.
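As an added illustration of the hooking technique described above (example code written for this page, not condnet's own), here is a minimal interposer that takes over libc's connect() and applies an allow-list before letting the call reach the kernel. The policy (loopback and AF_UNIX only) and the CONDNET_ALLOW_IPV4 variable are assumptions of this example, and it forwards allowed calls through the raw syscall instead of dlsym(RTLD_NEXT).

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Policy (assumed for this example, not condnet's): AF_UNIX and IPv4 loopback
 * peers are always allowed; one more IPv4 peer may be allowed through the
 * hypothetical CONDNET_ALLOW_IPV4 variable (e.g. CONDNET_ALLOW_IPV4=192.0.2.1).
 * Everything else, IPv6 included, is denied. Returns 1 when allowed. */
int condnet_allowed(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < sizeof(sa_family_t))
        return 0;
    switch (sa->sa_family) {
    case AF_UNIX:
        return 1;
    case AF_INET: {
        if (len < sizeof(struct sockaddr_in))
            return 0;
        const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
        if ((ntohl(in->sin_addr.s_addr) >> 24) == 127) /* 127.0.0.0/8 */
            return 1;
        const char *allow = getenv("CONDNET_ALLOW_IPV4");
        struct in_addr extra;
        return allow != NULL && inet_pton(AF_INET, allow, &extra) == 1 &&
               extra.s_addr == in->sin_addr.s_addr;
    }
    default:
        return 0;
    }
}

/* Interposed libc entry point. With this object in LD_PRELOAD, the
 * application's connect() resolves here first: denied peers get EACCES,
 * allowed ones are handed to the kernel through the raw syscall, which
 * avoids a dlsym(RTLD_NEXT, "connect") lookup to reach the original. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    if (!condnet_allowed(sa, len)) {
        errno = EACCES;
        return -1;
    }
    return (int)syscall(SYS_connect, fd, sa, len);
}
```

Build it with `gcc -shared -fPIC -o condnet_example.so example.c` and run a program under `LD_PRELOAD=./condnet_example.so`; a program that resolves connect() through dlopen/dlsym bypasses this shim in exactly the way the limitation above describes.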

Usage

There is no documentation for the thing, but taking a look at the sources should help. Also be sure to check the file named run in the sources for my brief personal memos.

Compiling

If you don’t know how to compile or use it, you probably neither need nor want this. If you insist, see the file named run in the package.

Sources

Sources here.