networking - Fastest way to disable internet (keeping LAN) from command line?

06
2014-04
  • Sopalajo de Arrierez

    I think the easiest way to deactivate internet (not LAN) is to remove the default gateway, so, assuming LAN is 10.0.2.0/24 and gateway is 10.0.2.1:

    • In Windows:

      route delete 0.0.0.0 mask 0.0.0.0 10.0.2.1

    • In Linux:

      sudo /sbin/route del default gw 10.0.2.1

    To reactivate internet:

    • In Windows:

      route add 0.0.0.0 mask 0.0.0.0 10.0.2.1

    • In Linux:

      sudo /sbin/route add default gw 10.0.2.1

    But, even though this is a simple line, it requires discovering the default gateway first:

    • In Windows:

      route print

    • In Linux:

      sudo /sbin/route

    But the problem with this method is that, prior to writing the command line, I need to know the IP of the gateway.
    I am going to build some general-purpose shell scripts that need to enable/disable internet (but keep LAN working), so it seems I am going to need some grep operations to filter and detect the exact gateway IP number (it could be 10.0.2.1, 127.0.0.1, 127.0.50.1, 192.168.0.1, etc.), unless I manage to find a simpler command line.
    Any ideas, please?

    • EDIT: Some people report that gateway deletion in Windows could also be done like this:

    route delete 0.0.0.0

    So, apparently, there would be no problem in modifying the deletion script made by @and31415.

  • Answers
  • John1024

    On *nix, to find the gateway:

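    # Take the gateway of the first route whose destination is 0.0.0.0
    GW="$(sudo /sbin/route -n | awk '$1=="0.0.0.0" {print $2; exit}')"
    # Remove the default route, then save the gateway for later
    sudo /sbin/route del default gw "$GW"
    echo "$GW" >~/my_tmp_file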
    

    The last line saves the value in a file for later use when you want to restart the network:

    sudo /sbin/route add default gw "$(cat ~/my_tmp_file)"
    


    How it works: The above awk command is able to capture the gateway because route -n output looks like:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.2.1        0.0.0.0         UG    0      0        0 eth0
    10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    

    The internet gateway is the one that allows destination anywhere (0.0.0.0). Thus, the awk script goes through this output line by line looking at the first column (called $1 in awk notation). When the first column is destination-anywhere, then it prints the second column which is the gateway. The output of the awk command is then captured into the shell variable GW. The shell can then be asked to substitute $GW into any command that needs it.
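
An added example, not part of the answer above: the same `route -n` parsing extended to hosts with more than one default route and to the case where no default route exists, so a repeated "disable" cannot overwrite the saved gateway with an empty value. The function names, the `RUN` variable, the state file and the sample routing table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `route -n` output: two default routes (wired and
# Wi-Fi) plus the LAN route, which must be left alone.
SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.1        0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    600    0        0 wlan0
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0'

# Print "gateway metric iface" for every default route read from stdin.
# A default route has destination and genmask 0.0.0.0 and the G flag.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $5, $8 }'
}

# Turn saved "gateway metric iface" lines into route commands.
# $1 is "del" or "add"; RUN defaults to "echo" (dry run), RUN=sudo applies.
route_cmds() {
    while read -r gw metric iface; do
        ${RUN:-echo} /sbin/route "$1" default gw "$gw" metric "$metric" dev "$iface"
    done
}

# Save state only when a default route exists, so running "disable" twice
# does not replace the saved gateways with an empty file.
disable_internet() {   # $1 = state file; `route -n` text on stdin
    routes=$(default_routes)
    [ -n "$routes" ] || { echo "no default route found" >&2; return 1; }
    printf '%s\n' "$routes" > "$1"
    route_cmds del < "$1"
}

enable_internet() {    # $1 = state file written by disable_internet
    [ -s "$1" ] || { echo "no saved gateway in $1" >&2; return 1; }
    route_cmds add < "$1"
}

# Dry run against the constructed sample: prints the commands it would run.
state=$(mktemp)
printf '%s\n' "$SAMPLE" | disable_internet "$state"
enable_internet "$state"
rm -f "$state"
```

For live use, pipe `/sbin/route -n` into `disable_internet` with `RUN=sudo` set and a persistent state file.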

  • and31415

    Windows batch scripts

    Similar to @John1024's approach, here's how you can do it in Windows:

    Disable

    @echo off
    cd /d "%~dp0"
    
    REM retrieve the current gateway
    set dest=0.0.0.0
    for /f "tokens=2,3" %%A in ('"route print %dest% | findstr /c:"%dest%" "') do (
    
    REM save the IP and delete the gateway
    echo %%A %%B>%dest%.txt
    route delete %dest% mask %%A %%B >nul
    )
    exit /b
    

    Enable

    @echo off
    cd /d "%~dp0"
    
    REM ensure the settings file exists
    set dest=0.0.0.0
    if not exist %dest%.txt exit /b 2
    
    REM restore the default gateway
    for /f "tokens=1,2" %%A in (%dest%.txt) do (route add %dest% mask %%A %%B >nul)
    exit /b
    

  • Related Question

    windows vista - How can I make it as difficult as possible to connect to the Internet from my "work computer"?
  • Questioner

    I can't work. I need to work. But I'm here and on dozens of other sites.

    I read Paul Graham's essay about "Disconnecting Distractions" and this is actually something I tried before - using my other laptop only for Internet access and this one only for work.

    But then I fell back to using my work computer to access the internet - there's always an excuse to hit FN+F2 to reconnect my WiFi access - and so easy!

    How can I make it so painfully difficult to get back online on my work computer each time that I just won't want to bother except in an emergency.

    (I use a wifi router for all of my internet access - it's in the other room but I share it with others so I can't just disconnect it).


  • Related Answers
  • Matthew Lock

    Restrict access to your laptop's MAC address on the router - then you'll need to go to another machine and disable it before you can move on.

    You could also block port 80 to your machine ONLY at certain hours of the day when you're meant to be working.

  • Area 51

    Ask your friendly IT department to block all unproductive sites; also, ask them to automatically redirect you to a local intranet webpage threatening you to "Do your job, or else...". That's what they did where I work and it did the job :).

    For bonus points, also kindly ask them to uninstall all your browsers and leave you with only IE6; I'd rather go to the post office to get my mail than to try checking my Gmail account.