From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
I use OpenSnitch https://github.com/evilsocket/opensnitch
It prompts me each time a game attempts to make an outbound connection. I can allow or deny the connection from the process or to the host etc and it can set it as a rule with different time frames like once, until reboot, permanently etc.
firejail --noprofile --net=none -- wine ...
The three dots are what? The path to the .exe file? I tried that and it broke the game. It was complaining about some dx12 something. Also, I tried the firetool app, but it doesn't have anywhere that shows the blocked apps/files. You just have to trust it.
yes, ... is path to .exe, and yes I also has similar problems with some games with default wine
but for gaming I use lutris with proton, and using firejail from lutris has better results for me (almost all games works without issues)
[SomeGame] > Configure > System options > Command prefix > firejail --noprofile --net=none --
firejail --noprofile --net=none --
Is there anything after the two dashes in the firejail --noprofile --net=none -- ?
in lutris no, it will automatically launch as ${COMMAND_PREFIX} ${WINE} ${EXECUTABLE}
Awesome, thank you so much. Do you know what the equivalent is in Heroic games launcher? They have so many options there, wrapper command, environment variables, scripts and some others. I have games there, too.
I've never used the Heroic launcher, but I think the "wrapper command" is what you need
Thank you. I like Heroic better because of the layout. It has all stores on one screen, unlike lutris. The wrapper is asking me to put the "path" in quotes. Oh well, I I'll have to get used to Lutris.
are you using Heroic lsuncher from flatpak?
if yes you need to somehow add firejail to Heroic app, or just restrict acess to internet for whole Heroic launcher flatpak --user override --unshare=network com.heroicgameslauncher.hgl
if not you need to add firejail wrapper with --noprofile --net=none args without any quotes (it says "Make sure to quote args with spaces", which is not your case)
Very much appreciated. Sometimes, some things don't make sense to me in English (second language). Even very simple things. I genuinely thought they're saying add quotes AND spaces to args. 😂 Also, I don't use flatpak. Just regular binary from the AUR. So, I'll add the wrapper. Life is good now thanks to you <3
DNS blocking if their telemetry domains are separate from game domains. They could technically do their own DNS resolution though.
This was my thought too. Seems easiest to me to DNS block on the firewall side (and be network wide).
Anything attempting to leave the LAN on port 53 or 853 gets redirected to my pihole and logged. It's mostly google stuff, but TV's do it too. A determined enshittifier could implement DoH or DoT.
Smart. Right now I just rely on various blacklists that seem to block everything I need to. I might do something like this at some point though to be sure.
I'm running opnsense virtualized. I'd recommend a spare PC with two nics to learn it on first.
Yeah, I'm already running opnsense on an old PC with an added network card. Then I use Unbound DNS with various blacklist filters on my outbound traffic.
It honestly seems good enough because I monitored it for a while when I set it up. But I don't monitor it continually and I don't have specific blocks that I set up myself, just the published blacklists. If something new is phoning home I'd be unaware until I check it, which is what I like about your setup.
That was actually a part of the main question, but then I decided not to include it. Opensnitch shows so many popups that I get confused which is to allow and which to deny. Sometimes things could break and a reboot is necessary.
Edit: I'm going to install it regardless. Thanks
That will be the case with any firewall, you'll have to block everything and then figure out what is needed for the game to work as expected.
True, but I think firewalls don't have that scary popup opensnitch has. They do their thing silently. lol
Set it to default deny and it should stop the popups!
Why not spin up a pihole instance? Once you setup your blocklists you barely have to maintain it besides the occasional update.
Hell, if you don’t have a spare machine to run it on, you can likely run it locally and then change your PC’s network to use it as your DNS resolver.
Turn off internet
That's one way and guaranteed to work, but it's kind of annoying.
It is possible to tighten security to the point where the system is unusable. Security and convenience must be balanced. The trick is to create a secure and useful system. ——The Arch Wiki, Security
Seems OP wants to play online only games, disconnecting might make that impossible.