How to "shut off" all networking on Linux from bash?

linux networking shell port iptables
5,383

Solution 1

Most linux flavors come with scripts to do this already. They're part of the startup/shutdown process.

In Fedora/RHEL flavors, the scripts are usually accessed via /etc/init.d/. So, you could execute "/etc/init.d/network stop" to stop the network. To start, substitute "start" for "stop."

From the command line, the preference for these flavors is to use the service command: "service network stop" or "service network start."

These commands are limited to the root user. I would recommend against allowing regular users to do something like this.

Solution 2

As you mentioned you can use iptables for this

These rules will drop all incoming and outgoing packets

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

To check the configured rules 

iptables -L

To delete these rules 

iptables -D INPUT -j DROP
iptables -D OUTPUT -j DROP
Share:
5,383

Related videos on Youtube

pnongrata
Author by

pnongrata

Updated on September 18, 2022

Comments

  • pnongrata
    pnongrata over 1 year

    I'd like to write a bash/shell script that "turns off" the machine's ability to communicate over it's network card, effectively shutting down all networking. From the command line:

    # To turn all networking off
sh networking.sh OFF

# Then to turn it back on
sh networking.sh ON

    The only way I can think of doing this would be at the port-level via IPTABLES, but having never experimented with that before, I'm not sure if I'm even heading down the right avenue or if I'm way off base. Thanks in advance.

    • ganesh
      ganesh over 11 years
      If you have aq simply setup then this would bring all ethernet devices down. for n in ifconfig -a | grep eth | cut -d ' ' -f 1 ; do bringing down echo $n ; ifconfig $a down ; done (ifconfig -a showing all devices. Grep filters down to lines containing eth. Cut first field (separated by spaces). And for to loop through all the answers. Kludgy, but works.
    • pnongrata
      pnongrata over 11 years
      Thanks @Hennes (+1) - can you explain what "aq" is? Also this would work for ethernet devices, but what if the machine has a Wifi adaptor? Is there a solution that works for both wired/wireless?!? I would imagine that both use ports, which is why I had started looking into IPTABLES. Thanks again!
    • ganesh
      ganesh over 11 years
      On GNU/Linux all Ethernet devices seem to be named to ethX (with X starting at 0 for the first, 1 for the second device, 3 for the third, ...). I think that this includes wireless. However note that this is only to bring things down via ifconfig. Ifconfig is used on almost all unices but Linux seems to be moving away from it to a 'new' tool called 'ip'. Also not that while it will work for bringing the network DOWN you want a better answer to bring things up again.
    • ganesh
      ganesh over 11 years
      s/aq/a (I need to explain that it was a typo so my text is 15 char or longer)
    • pnongrata
      pnongrata over 11 years
      Thanks again @Hennes - how about trickle? It looks like I could just run trickled (trickle daemon) with up/download bandwidths set to 0. My only question is: how do I restore the up/download bandwidths when I want to bring the network back "up"?!?
    • laurent
      laurent over 11 years
      All ethernet device on linux are not named ethx. Wifi connections are wlanx for example, dsl (or pppoe) are pppx, bridged nics are brx and so on. Anyways, there are command specific to manage networking that are more practical ;)
  • laurent
    laurent over 11 years
    trickle will control the bandwidth, not stop the network (won't pass anything if 0 but network will be running). The answer here shutdown networking. Obs: in some distro (Ubuntu for example) it is networking instead of network like /etc/init.d/networking stop or service networking start
  • laurent
    laurent over 11 years
    Not the easiest method as the network managing commands are better and will actually bring the network down (not only block everything). Anyways, for this to work always, you need to replace -A with -I in the "stop network" rules to be sure the new rules are placed before any other rules accepting connections in the INPUT table (and not appended at the end of the table with -A). With -A it will basically work only with previously empty iptables.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to make all outgoing RST drop
Allow ssh incoming/outgoing and blocking all outgoing besides specific ports
tc on bridge port
Why are incoming packets on a TAP interface seen with tcpdump but not with iptables?
TCP connect: No route to host
Mirror all traffic from one port to another on localhost using iptables
Block port 111 on centos 7
Cannot open port 8080
OpenVPN not listening on port
iptables - how to keep source IP after forwarding?