How to "shut off" all networking on Linux from bash?

3

I'd like to write a bash/shell script that "turns off" the machine's ability to communicate over its network card, effectively shutting down all networking. From the command line:

# To turn all networking off
sh networking.sh OFF

# Then to turn it back on
sh networking.sh ON

The only way I can think of doing this would be at the port-level via IPTABLES, but having never experimented with that before, I'm not sure if I'm even heading down the right avenue or if I'm way off base. Thanks in advance.

pnongrata

Posted 2012-12-23T21:58:34.860

Reputation: 2 212

1 If you have aq simple setup then this would bring all ethernet devices down: for n in $(ifconfig -a | grep eth | cut -d ' ' -f 1) ; do echo bringing down $n ; ifconfig $n down ; done (ifconfig -a showing all devices. Grep filters down to lines containing eth. Cut first field (separated by spaces). And for to loop through all the answers.) Kludgy, but works. – Hennes – 2012-12-23T22:12:56.760

Thanks @Hennes (+1) - can you explain what "aq" is? Also this would work for ethernet devices, but what if the machine has a Wifi adaptor? Is there a solution that works for both wired/wireless?!? I would imagine that both use ports, which is why I had started looking into IPTABLES. Thanks again! – pnongrata – 2012-12-23T22:15:23.443

On GNU/Linux all Ethernet devices seem to be named to ethX (with X starting at 0 for the first, 1 for the second device, 3 for the third, ...). I think that this includes wireless. However note that this is only to bring things down via ifconfig. Ifconfig is used on almost all unices but Linux seems to be moving away from it to a 'new' tool called 'ip'. Also note that while it will work for bringing the network DOWN you want a better answer to bring things up again. – Hennes – 2012-12-23T22:17:49.913

s/aq/a (I need to explain that it was a typo so my text is 15 char or longer) – Hennes – 2012-12-23T22:18:41.990

Thanks again @Hennes - how about trickle? It looks like I could just run trickled (trickle daemon) with up/download bandwidths set to 0. My only question is: how do I restore the up/download bandwidths when I want to bring the network back "up"?!? – pnongrata – 2012-12-23T22:27:58.220

All ethernet devices on linux are not named ethx. Wifi connections are wlanx for example, dsl (or pppoe) are pppx, bridged nics are brx and so on. Anyways, there are commands specific to managing networking that are more practical ;) – laurent – 2012-12-23T22:44:34.613

Answers

6

Most linux flavors come with scripts to do this already. They're part of the startup/shutdown process.

In Fedora/RHEL flavors, the scripts are usually accessed via /etc/init.d/. So, you could execute "/etc/init.d/network stop" to stop the network. To start, substitute "start" for "stop."

From the command line, the preference for these flavors is to use the service command: "service network stop" or "service network start."

These commands are limited to the root user. I would recommend against allowing regular users to do something like this.

dafydd

Posted 2012-12-23T21:58:34.860

Reputation: 472

Thanks @dafydd (+1) - please see my comment regarding trickle underneath Hennes' comments. How does trickled compare to what you are talking about? Thanks again! – pnongrata – 2012-12-23T22:30:25.143

trickle will control the bandwidth, not stop the network (won't pass anything if 0 but network will be running). The answer here shuts down networking. Obs: in some distros (Ubuntu for example) it is networking instead of network, like /etc/init.d/networking stop or service networking start – laurent – 2012-12-23T22:40:46.860

1

As you mentioned you can use iptables for this

These rules will drop all incoming and outgoing packets

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

To check the configured rules

iptables -L

To delete these rules

iptables -D INPUT -j DROP
iptables -D OUTPUT -j DROP

daya

Posted 2012-12-23T21:58:34.860

Reputation: 2 445

Not the easiest method as the network managing commands are better and will actually bring the network down (not only block everything). Anyways, for this to work always, you need to replace -A with -I in the "stop network" rules to be sure the new rules are placed before any other rules accepting connections in the INPUT table (and not appended at the end of the table with -A). With -A it will basically work only with previously empty iptables. – laurent – 2012-12-23T22:58:36.093
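
One way to write the networking.sh ON/OFF script from the question, using the iptables DROP rules from the answer above with the -I placement from laurent's comment; this is an added example, not code posted by anyone in the thread. The ip6tables pass (iptables on its own filters IPv4 only), the "networking.sh" comment tag and the function names are assumptions of this example.

```shell
#!/bin/sh
# networking.sh (added example) - usage as root: sh networking.sh OFF|ON
# iptables only filters IPv4, so the same rules are applied with ip6tables.
TOOLS="iptables ip6tables"
CHAINS="INPUT OUTPUT"
# The comment tag (an assumption of this example) marks the rules this script
# owns, so ON never deletes a DROP rule that someone else configured.
# No -i/-o match is used, so loopback traffic is dropped as well.
RULE="-m comment --comment networking.sh -j DROP"

# True if our tagged DROP rule is already present (-C checks, changes nothing).
has_drop() {
    "$1" -C "$2" $RULE 2>/dev/null
}

net_toggle() {
    for t in $TOOLS; do
        for c in $CHAINS; do
            case "$1" in
            OFF)
                # -I ... 1 puts the rule first, ahead of any ACCEPT rules;
                # -A would append it after them. Skip if already present.
                has_drop "$t" "$c" || "$t" -I "$c" 1 $RULE || return 1
                ;;
            ON)
                # Delete every tagged copy, not just the first one found.
                while has_drop "$t" "$c"; do
                    "$t" -D "$c" $RULE || return 1
                done
                ;;
            *)
                echo "usage: $0 ON|OFF" >&2
                return 2
                ;;
            esac
        done
    done
}

# Only act when called with an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; exit 1; }
    net_toggle "$1"
fi
```

Running OFF twice leaves a single rule per chain, and `iptables -L` / `ip6tables -L` show the tagged rules while networking is blocked.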