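#!/bin/sh
# Run a command under the "sandbox" group so that per-group firewall rules
# apply to it.
#
# Usage:
#   sandbox.sh                   start a shell in the sandbox group
#   sandbox.sh 'cmd | other'     one argument: handed to sg as a shell string
#   sandbox.sh cmd arg1 arg2 ... several arguments: run as one argv, each
#                                argument quoted so the shell sg starts does
#                                not re-split or expand it
#
# Scope of the restriction: sg changes only the group ID. The command keeps
# the caller's UID, so file and process access is unchanged; only what the
# rules below match on (--gid-owner) is restricted. The caller must also be
# allowed to switch to the group (normally by being a member of it).
#
# One-time setup (as root):
#% sudo groupadd sandbox
#% useradd -g sandbox sandbox
#
# Disable network
#   iptables -A OUTPUT -m owner --gid-owner sandbox -j DROP
# Or
#   iptables -A OUTPUT -m owner --gid-owner sandbox -d 192.168.1.0/24 -j ACCEPT
#   iptables -A OUTPUT -m owner --gid-owner sandbox -d 127.0.0.0/8 -j ACCEPT
#   iptables -A OUTPUT -m owner --gid-owner sandbox -j DROP
#
# iptables filters IPv4 only: add the matching ip6tables rules as well, or
# IPv6 traffic from the group is not filtered. Rules added with -A are lost
# at reboot unless saved, and this script does not check that they are loaded.

set -eu

readonly SANDBOX_GROUP=sandbox

# Print $1 wrapped in single quotes, with each embedded ' rewritten as '\'',
# so that `sh -c` reads it back as exactly one word.
quote_arg() {
  printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

if [ "$#" -eq 0 ]; then
  # No command given: sg starts a shell with the group applied.
  exec sg "$SANDBOX_GROUP"
elif [ "$#" -eq 1 ]; then
  # A single argument is a shell command string, passed through unchanged.
  exec sg "$SANDBOX_GROUP" -c "$1"
else
  # sg accepts ONE command string and ignores further arguments, so passing
  # "$@" directly would run only the first word. Join the arguments into a
  # single, safely quoted string instead.
  cmd=
  for arg in "$@"; do
    cmd="$cmd $(quote_arg "$arg")"
  done
  exec sg "$SANDBOX_GROUP" -c "$cmd"
fi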