This is an automated archive made by the Lemmit Bot.
The original was posted on /r/linux_gaming by /u/MatheusWillder on 2023-11-02 07:01:04.
I’ve seen this question appear a few times here or on forums, and whenever it appears, the answers vary from suggestions to use a Firewall for Linux that works per application, to use an AppArmor profile, and some others. I decided to make this post with simple methods that work for Bottles, Wine on Flatpak or Wine standalone.
Currently I just have old hardware that can only run some old Windows games, so I disable internet access for them since their original servers are long gone. I hope these tips can help anyone who has this question and wants to do the same.
Using Bottles
Bottles has a configuration option (experimental for now) that allows you to disable internet access for games/programs. To use it, go to Bottles Preferences > Experiments and activate the Sandbox per bottle option. Then go to a Bottle > Settings, scroll down and activate the Dedicated Sandbox option. In the gear icon for this option, deactivating the Share Network option disables internet access and activating it enables internet access. If you need, you can follow these screenshots to find these options.
You can update runners or install dependencies even with internet access disabled through this option, as this option will disable internet access only for the games/programs running on a Bottle, not in Bottles as a whole.
The only downside to this option is that if you use Flatpak overrides for Bottles, for example to allow it to access a partition mounted on /mnt or something like that, the override will not work after enabling this, i.e. your games will need to be in a folder accessible by default to Bottles, such as your home directory, or installed directly on a Bottle.
As it is currently experimental, this option may change in future updates or even be removed (but it can also become stable without the need to activate it in Experiments). It worked for me, but as pointed out below it can still break some games. If this happens to you, a workaround until this feature becomes stable is to disable internet access using a Flatpak override; basically just follow the steps for Wine on Flatpak below. That is, to disable it, in a Terminal/Console run flatpak override --user --unshare=network com.usebottles.bottles (without root). The downside is that if you use this, the entire Bottles will be unable to update runners or download dependencies until it is activated again. To activate it again, run flatpak override --user --share=network com.usebottles.bottles (without root). Remove the --user and run with sudo for a system-wide override. Thanks to u/Zenfold7 for the heads up.
Wine on Flatpak
This one is easy. Wine was released on Flathub some time ago (unofficially for now) and works basically like Wine standalone, that is, you can run games/programs from a Terminal/Console, for example flatpak run org.winehq.Wine path-to-the-game.exe or flatpak run org.winehq.Wine explore (to browse folders and run the game/program from there). To disable internet access, in a Terminal/Console run flatpak override --user --unshare=network org.winehq.Wine (without root) to disable it for the current user, or sudo flatpak override --unshare=network org.winehq.Wine (as root) to disable it system-wide.
Wine standalone
By Wine standalone, I mean Wine that you install following the instructions from winehq.org or from your distribution, that is, Wine without intermediaries like Bottles or installed through Flatpak. This tip may not work for some games/programs; I’ll explain why below. In a Terminal/Console (without root) run winecfg. In the window that opens, go to the Libraries tab, and in New override for library select wininet from the drop-down list and click Add. Then click Edit and change Load order to Disable, then click OK and then click OK again. That’s it.
The reason this may not work for some games/programs is that those that depend on it may not run when disabling it. However, for Wine standalone, it seems to be the only simple way to disable internet access without relying on more complex solutions such as a Firewall or an AppArmor profile.
So that’s it, I hope it helps anyone who finds this thread.
Edit: Added a workaround for Bottles.
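
To confirm that the Flatpak overrides from the Bottles and Wine on Flatpak sections were actually recorded, the following added example (not part of the original post) reads the per-app override files and reports the stored network setting. It assumes the default override locations and that a user override takes precedence over a system-wide one; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether a Flatpak override file unshares the network.
# Override files are keyfiles; "flatpak override --unshare=network" stores the
# setting as "shared=!network;" in the [Context] section.

# network_state FILE -> prints "unshared", "shared" or "unset"
network_state() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track current section
        in_ctx && /^shared=/ {
            sub(/^shared=/, "")
            n = split($0, tok, ";")                     # e.g. "!network;ipc;"
            for (i = 1; i <= n; i++) {
                if (tok[i] == "!network") state = "unshared"
                else if (tok[i] == "network") state = "shared"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# effective_state APPID [USER_DIR] [SYSTEM_DIR]
# Assumption: default override directories, and a user override wins over a
# system-wide one when both set the network. Global overrides are not read.
effective_state() {
    app=$1
    user_dir=${2:-${XDG_DATA_HOME:-$HOME/.local/share}/flatpak/overrides}
    sys_dir=${3:-/var/lib/flatpak/overrides}
    u=$(network_state "$user_dir/$app")
    if [ "$u" != unset ]; then echo "$u"; return 0; fi
    network_state "$sys_dir/$app"
}

# Constructed sample: the file as it looks after --unshare=network.
demo_dir=$(mktemp -d)
printf '[Context]\nshared=!network;\n' > "$demo_dir/org.winehq.Wine"
effective_state org.winehq.Wine "$demo_dir" "$demo_dir/none"
```

On a real system, call `effective_state com.usebottles.bottles` or `effective_state org.winehq.Wine` without the directory arguments. This checks the stored configuration only, not live connectivity from inside the sandbox.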