#!/bin/sh

# Run without any access
#% sudo groupadd sandbox 
#% useradd -g sandbox sandbox
#
# Disable network
# iptables -A OUTPUT -m owner --gid-owner sandbox -j DROP
# Or
# iptables -A OUTPUT -m owner --gid-owner sandbox -d 192.168.1.0/24 -j ACCEPT
# iptables -A OUTPUT -m owner --gid-owner sandbox -d 127.0.0.0/8 -j ACCEPT
# iptables -A OUTPUT -m owner --gid-owner sandbox -j DROP

sg sandbox "$@"