There are several programs that are using the internet for no reason or grabbing data, for example Master PDF reader. I read the guideline about the firewall, but I don’t understand how to deny access. Can someone tell me how to deny Master PDF access to the internet?
We’ll need to know the distro and firewall you’re using. Maybe Ubuntu and UFW?
Yes, Xubuntu and ufw.
I asked the Bing bot and it gave a reasonable reply sort of. You may want to test it. It’s not super user friendly because it requires you to run the application as another user.
Yes, you can use UFW to control which program may connect to the internet. One way to do this is to create a group that is never allowed to use the internet and start the program as a member of this group. Here are the steps:
- Create a group named `no-internet` by running `sudo addgroup no-internet`.
- Add the user to the `no-internet` group by running `sudo adduser $USER no-internet`.
- Add a rule to UFW that prevents all processes belonging to the group `no-internet` from using the network by running `sudo ufw deny out from any to any apparmor=unconfined gid no-internet`.
- Execute the program as a member of the `no-internet` group by running `sudo -g no-internet YOURCOMMAND` instead of `YOURCOMMAND`.

You can easily write a wrapper script that uses sudo for you. You can get rid of the password prompt by adding `%sudo ALL= (:no-internet) NOPASSWD: ALL` or something similar with `sudo visudo`. Use the `ufw status numbered` command to check the status of UFW rules ¹². I hope this helps!
Source: Conversation with Bing, 11/30/2023
(1) How to control internet access for each program? - Ask Ubuntu.
(2) How to block internet access for wine applications? - Ask Ubuntu.
(3) ubuntu - How can I restrict applications on having Internet access? - Super User.
That’s a lot to study, because I am not familiar with this stuff, and I’m not sure if I will succeed, but your post is very helpful. Thanks so much for that. Much appreciated.
The bad thing about that “solution” is that you have to run the program as a certain user. That doesn’t seem very handy.
There may be another way and if I run across something I’ll try to remember to reply back here again.
Good luck.
If you know what URL / DNS sites it’s trying to hit - you can always loop them back to 127.0.0.1 with an `/etc/hosts` entry…
e.g.
127.0.0.1 www.masterpdf.com
127.0.0.1 masterpdf.com
(I’m making a big assumption with that DNS entry - it’s probably wrong - looks like the product is from https://code-industry.net/ so maybe :
127.0.0.1 www.masterpdf.com
127.0.0.1 masterpdf.com
127.0.0.1 code-industry.net
This was the old fashioned way of ad-blocking… I’ve used that approach before when I didn’t want something “phoning home” or whatever you might call it…
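A check for the `/etc/hosts` approach in the post above, added here as an example and not part of the original post: it reports which names a hosts file points at loopback, and shows that matching is exact, so a subdomain without its own line is not covered. The sample file content and the name `updates.code-industry.net` are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a hostname null-routed by a hosts file?
# Hosts entries match whole names only: no wildcards, no implicit subdomains.

# is_looped_back FILE NAME -> exit 0 if NAME is mapped to 127.x or ::1 in FILE
is_looped_back() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # skip blank or address-only lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) {
                    # use the first line that lists the name
                    if ($1 ~ /^127\./ || $1 == "::1") found = 1
                    exit
                }
        }
        END { exit(found == 1 ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the entries suggested in the post.
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1 localhost
127.0.0.1 www.masterpdf.com
127.0.0.1 masterpdf.com
127.0.0.1 code-industry.net   # vendor site named in the post
EOF

# www.code-industry.net and updates.code-industry.net have no line of their own
# (updates.* is a hypothetical name, used only to show the gap).
for host in masterpdf.com code-industry.net \
            www.code-industry.net updates.code-industry.net; do
    if is_looped_back "$SAMPLE_HOSTS" "$host"; then
        echo "$host: looped back"
    else
        echo "$host: NOT covered, resolves through DNS as usual"
    fi
done
```

Pointing the function at the real `/etc/hosts` gives the same report for the live system; a program that connects to a hard-coded IP address is unaffected by any hosts entry.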
Thank you! I write it all down.
Hi @pollewops
It should be easy if you have the sandbox `firejail` installed.
(see: https://firejail.wordpress.com/ )
Firejail seems to come with the respective `.profile` files:
ll /etc/firejail | grep -i master
-rw-r--r-- 1 root root 356 Aug 15 2021 masterpdfeditor4.profile
-rw-r--r-- 1 root root 356 Aug 15 2021 masterpdfeditor5.profile
-rw-r--r-- 1 root root 787 Jan 22 2023 masterpdfeditor.profile
Just issue the command
firejail --net=none masterpdfeditor5
(if `masterpdfeditor5` is the correct terminal command).
Plus: you have the added benefit of higher security due to sandboxing.
Hope it helps.
Many greetings from Rosika
P.S.:
from man-pages:
--net=none
Enable a new, unconnected network namespace. The only interface available in the new namespace is a new loopback interface (lo). Use this option to deny network access to programs that don’t really need network access.
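To confirm that the sandbox really has no network, as an added example that is not part of the original post: list the interfaces from inside the jail and check that `lo` is the only one. The function name `only_loopback` and the sample `/proc/net/dev` contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a network namespace contains only loopback,
# which is what the man page excerpt says --net=none provides.

# only_loopback: reads /proc/net/dev text on stdin, prints every interface
# other than lo, and exits 0 only if lo is present and nothing else is.
only_loopback() {
    awk '
        NR <= 2 { next }                    # skip the two header lines
        {
            name = $0
            sub(/:.*/, "", name)            # keep the text before the colon
            gsub(/[ \t]/, "", name)
            if (name == "lo") seen_lo = 1
            else { print name; extra = 1 }  # report any other interface
        }
        END { exit(seen_lo && !extra ? 0 : 1) }
    '
}

# Constructed samples in /proc/net/dev format (counter columns shortened).
HOST_DEV='Inter-|   Receive    |  Transmit
 face |bytes packets |bytes packets
    lo:  1200  10  1200  10
enp3s0: 99000 700 45000 600'
JAIL_DEV='Inter-|   Receive    |  Transmit
 face |bytes packets |bytes packets
    lo:     0   0     0   0'

printf '%s\n' "$HOST_DEV" | only_loopback || echo "host view: network interface present"
printf '%s\n' "$JAIL_DEV" | only_loopback && echo "jail view: loopback only"

# Real use (assumes firejail is installed):
#   firejail --quiet --net=none cat /proc/net/dev | only_loopback
```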
That’s an easy and useful answer to understand for me. Thank you!
Have you considered asking the makers of Master PDF Editor (support@code-industry.net) why it’s accessing the internet? I’ve dealt with their tech support staff several times and they’ve always been helpful.
For example, if the program is talking to a license server to validate your license, you might not want to block it. Just guessing here.
Dan
Indeed, because the program is ‘talking’ to a license server to validate and I want to prevent that.
I won’t get into a discussion about the ethics of blocking a license check, but I will say this:
I think Master PDF Editor is the best PDF editor for Linux and totally worth the licensing cost I pay each year, which is about $35 (USD). They have terrific customer support too. They also appreciate bug reports and fix problems quickly. I am a super-satisfied customer.
You are absolutely right
btw, blocking was not successful.
The reason for this question was purely technical: how does software behave in the VM. However, the answers given are too technical in nature to be able to understand well and I have not been able to find a manual to try it out well. Master PDF was just a guinea pig.
Blocking VMs in VirtualBox from reaching the internet is relatively trivial…
Go to your VM settings, and Network :
And change “Attached to:” to either “Host-only Adapter” :
or “Internal Network” :
Note : I ALWAYS used “Bridged Adaptor” with my VMs in VirtualBox… But that gives them two way access. I think NAT also allows VMs to talk to the public cloud (internet) - Host-only is basically no networking…
That is correct.
What you are doing there in Vbox is blocking all internet access, not just Master PDF…
I was fiddling with something on Apparmor, looked up different things, and just came to this accidentally:
Probably that would be another solution to this question