freebsd-ports/sysutils/mac_nonet/pkg-descr

Simple MAC framework policy to disable access to networking for
certain group.  Running kldload mac_nonet.ko to load the kernel
module.  The load action require root permissions.

Set gid that shouldn't access the network: 
    sysctl security.mac.nonet.gid=31337
and enable enforcing:
     sysctl security.mac.nonet.enabled=1
     
Any call to socket(2) from user in this group will end with EPERM.
You can also select group that can access only AF_UNIX sockets with
security.mac.nonet.local_gid.

WWW: https://github.com/pbiernacki/mac_nonet
New port: sysutils/mac_nonet Simple MAC framework policy to disable access to networking for certain group. Running kldload mac_nonet.ko to load the kernel module. The load action require root permissions. Set gid that shouldn't access the network: sysctl security.mac.nonet.gid=31337 and enable enforcing: sysctl security.mac.nonet.enabled=1 Any call to socket(2) from user in this group will end with EPERM. You can also select group that can access only AF_UNIX sockets with security.mac.nonet.local_gid. WWW: https://github.com/pbiernacki/mac_nonet PR: 219376 Submitted by: amutu@amutu.com Reviewed by: bapt 2018-03-12 08:05:24 +01:00			`Simple MAC framework policy to disable access to networking for`
			`certain group. Running kldload mac_nonet.ko to load the kernel`
			`module. The load action require root permissions.`

			`Set gid that shouldn't access the network:`
			`sysctl security.mac.nonet.gid=31337`
			`and enable enforcing:`
			`sysctl security.mac.nonet.enabled=1`

			`Any call to socket(2) from user in this group will end with EPERM.`
			`You can also select group that can access only AF_UNIX sockets with`
			`security.mac.nonet.local_gid.`

			`WWW: https://github.com/pbiernacki/mac_nonet`