How to block internet access for wine applications?

There's a nice tutorial on blocking any given program from accessing the Internet on the Ubuntu forums.

Steps

sudo addgroup no-internet  # Create group "no-internet"
sudo adduser $USER no-internet  # Add current user to no-internet

iptables rule to prevent that group from accessing the network

sudo iptables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP
sudo ip6tables -I OUTPUT 1 -m owner --gid-owner no-internet -j DROP # To also block IPv6 traffic

Run the process you don't want to have internet access using sg or sudo -g (execute the command as a different group ID):

sg no-internet -c "processFullPath args"

It basically involves creating a new group, denying it Internet access, and then running any program you want to restrict as that group ID. So in your case, you would just always run wine using the method described in the tutorial.


Make a group and become a member of it

addgroup wino

adduser $USER wino

Now enter an iptables rule to block that group from using the internet. You can type this in the terminal and hit enter:

iptables -A OUTPUT -m owner --gid-owner wino -j REJECT

To make this rule run after each reboot with systemd, use iptables-persistent save from the iptables-persistent package.

If using rc-local: You can put the rule in /etc/rc.local. Make sure the last line in that text file says exit 0.

Usage example:

sg wino "wine executablename.exe"

You need the " " and also need to type wine before the program's name.
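
The first answer inserts its rule at position 1 (`-I OUTPUT 1`), while the second appends it (`-A OUTPUT`), so any ACCEPT rule already in the chain is evaluated before it. The check below is an added example, not part of either answer: it classifies `iptables -S OUTPUT` output for a numeric GID (the listing prints the group as a number). The function name, the sample listings and GID 1001 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. classify_output_chain GID reads `iptables -S OUTPUT` text on
# stdin and prints one of:
#   blocked - DROP/REJECT owner rule for GID with no ACCEPT rule ahead of it
#   review  - the block rule exists, but ACCEPT rule(s) are evaluated first
#   missing - no block rule for GID in the chain
# Counting every earlier ACCEPT is a deliberately conservative heuristic.
classify_output_chain() {
    gid=$1
    accepts_before=0
    while IFS= read -r rule; do
        case "$rule" in
            "-A OUTPUT "*) ;;      # rule lines only
            *) continue ;;         # skip "-P OUTPUT ..." policy lines
        esac
        case "$rule" in
            *"! --gid-owner"*) ;;  # negated owner match is not a block rule
            *"--gid-owner $gid "*"-j DROP"* | *"--gid-owner $gid "*"-j REJECT"*)
                if [ "$accepts_before" -eq 0 ]; then echo blocked; else echo review; fi
                return 0 ;;
            *"-j ACCEPT"*) accepts_before=$((accepts_before + 1)) ;;
        esac
    done
    echo missing
}

# Constructed sample listings (GID 1001 is an assumed value for the group).
# Rule inserted with -I OUTPUT 1: it sits at the top of the chain.
RULES_INSERTED='-P OUTPUT ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -o lo -j ACCEPT'

# Rule appended with -A OUTPUT to a chain that already had ACCEPT rules.
RULES_APPENDED='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$RULES_INSERTED" | classify_output_chain 1001
printf '%s\n' "$RULES_APPENDED" | classify_output_chain 1001

# Against a live system (run once for iptables and once for ip6tables):
#   sudo iptables -S OUTPUT | classify_output_chain "$(getent group wino | cut -d: -f3)"
```

A "missing" result from the ip6tables listing means the group can still reach the network over IPv6.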


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyHttp.1.1"=dword:00000000
"ProxyOverride"="<local>"
"ProxyServer"="http://NonExistantProxyAddress:80"
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Add the above to your wine (or PlayOnLinux virtual drive's) registry.

A much simpler solution indeed than using groups (and it does not prevent POL from connecting, just the apps).

Credits to http://ootput.wordpress.com/2011/06/06/block-wine-applications-from-the-internet/comment-page-1/

EDIT: waiting for the geek in the comment to add registry settings to block TCP; in the meantime: http://support.microsoft.com/en-us/kb/154596 (sounds like setting ports to zero or creating some config error will indeed block TCP/UDP connections, but I haven't faced that issue quite yet, so I don't have the need for a workaround)