Block FlyEnv Popups (source)

This is a comment on Local Test Server, posted by WikiAdmin at 06/15/2026 14:55
View source for Block FlyEnv Popups

To block an application from opening a browser or accessing the internet in Linux, you can use three primary methods depending on whether you want to block **network access**, **browser execution**, or **URL protocol handlers**.

==== 1. Block Network Access (Firewall) ====
The most effective way to prevent an app from "calling a website" is to block its outbound network traffic.

**Using ##iptables## (Universal):**
You can block outgoing connections for a specific executable using the ##owner## module.
%%(hl bash)
# Replace '/path/to/app' with the actual binary path
sudo iptables -A OUTPUT -m owner --cmd-owner /path/to/app -j REJECT
%%
  *Note: This blocks all internet access for that app, preventing it from loading web content or sending data.*

**Using ##firewalld## (RHEL/Fedora/CentOS):**
%%(hl bash)
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -m owner --cmd-owner /path/to/app -j REJECT
sudo firewall-cmd --reload
%%

==== 2. Block Browser Execution (AppArmor/Flatpak) ====
If the app tries to launch an external browser (e.g., ##firefox##, ##chrome##), you can sandbox it.

**AppArmor (Ubuntu/Debian/OpenSUSE):**
Create a local profile override to deny execution of browser binaries.
  1.  Edit the local profile: ##sudo nano /etc/apparmor.d/local/usr.bin.yourapp##
  2.  Add deny rules:
    %%(hl text)
deny /usr/bin/firefox ix,
    deny /usr/bin/google-chrome ix,
    deny /usr/bin/xdg-open ix,
%%
  3.  Reload the profile: ##sudo systemctl reload apparmor##

**Flatpak (Sandboxed Apps):**
If the app is a Flatpak, you can revoke its network permission entirely, preventing it from launching URLs that require a network.
%%(hl bash)
# Revoke network access for a specific app
flatpak override --user --unshare=network com.example.App
%%
  *For a GUI approach, use **Flatseal** to toggle the "Network" permission off.*

==== 3. Block URL Protocol Handlers (Desktop Environment) ====
If the issue is an app triggering a prompt like "Open xdg-open?", you can disable the system's ability to handle specific protocols (like ##http##, ##https##, or custom schemes).

**Disable ##xdg-open## globally:**
Rename the handler so applications cannot find it (use with caution as this breaks all links):
%%(hl bash)
sudo mv /usr/bin/xdg-open /usr/bin/xdg-open.bak
%%

**Browser-Specific Policy (Chrome/Chromium):**
If a browser is the one launching the external app, you can whitelist only specific allowed protocols via policy files in ##/etc/opt/chrome/policies/managed/##.

==== Summary Recommendation ====
  *   **To stop data exfiltration:** Use **Method 1 (Firewall)**.
  *   **To stop browser popups:** Use **Method 2 (AppArmor)** to deny execution of browser binaries.
  *   **To stop link handling:** Use **Method 3** to disable ##xdg-open##.