Permanently disable all networking in Tails OS?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP

up vote
0
down vote

favorite

I would like to use Tails OS to create a pseudo air-gapped system.
The system has WiFi hardware still, but it is “unusable” in Tails due to lack of firmware. I would like to further ensure it remains completely “unusable”.

I’m aware of the manual option to “Disable all networking” on the greetings screen, but would like something more permanent.

The system does not have hardware switches to turn WiFi on / off.

I tried uninstalling networking packages, but the changes don’t persist.

See Defense in depth.

share|improve this question

  • IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
    – FreeSoftwareServers
    Nov 29 at 22:48

  • 1

    If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
    – RubberStamp
    Nov 29 at 23:01

  • Thanks, I have updated the question to make the goal more clear.
    – Jonathan Cross
    Nov 30 at 13:40

  • There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
    – RubberStamp
    Nov 30 at 14:00

  • @RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
    – Jonathan Cross
    Dec 1 at 16:46

up vote
0
down vote

favorite

I would like to use Tails OS to create a pseudo air-gapped system.
The system has WiFi hardware still, but it is “unusable” in Tails due to lack of firmware. I would like to further ensure it remains completely “unusable”.

I’m aware of the manual option to “Disable all networking” on the greetings screen, but would like something more permanent.

The system does not have hardware switches to turn WiFi on / off.

I tried uninstalling networking packages, but the changes don’t persist.

See Defense in depth.

share|improve this question

  • IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
    – FreeSoftwareServers
    Nov 29 at 22:48

  • 1

    If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
    – RubberStamp
    Nov 29 at 23:01

  • Thanks, I have updated the question to make the goal more clear.
    – Jonathan Cross
    Nov 30 at 13:40

  • There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
    – RubberStamp
    Nov 30 at 14:00

  • @RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
    – Jonathan Cross
    Dec 1 at 16:46

up vote
0
down vote

favorite

up vote
0
down vote

favorite

I would like to use Tails OS to create a pseudo air-gapped system.
The system has WiFi hardware still, but it is “unusable” in Tails due to lack of firmware. I would like to further ensure it remains completely “unusable”.

I’m aware of the manual option to “Disable all networking” on the greetings screen, but would like something more permanent.

The system does not have hardware switches to turn WiFi on / off.

I tried uninstalling networking packages, but the changes don’t persist.

See Defense in depth.

share|improve this question

I would like to use Tails OS to create a pseudo air-gapped system.
The system has WiFi hardware still, but it is “unusable” in Tails due to lack of firmware. I would like to further ensure it remains completely “unusable”.

I’m aware of the manual option to “Disable all networking” on the greetings screen, but would like something more permanent.

The system does not have hardware switches to turn WiFi on / off.

I tried uninstalling networking packages, but the changes don’t persist.

See Defense in depth.

networking security configuration tails-os

share|improve this question

share|improve this question

share|improve this question

share|improve this question

edited Nov 30 at 13:38

asked Nov 29 at 22:27

Jonathan Cross

1436

1436

  • IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
    – FreeSoftwareServers
    Nov 29 at 22:48

  • 1

    If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
    – RubberStamp
    Nov 29 at 23:01

  • Thanks, I have updated the question to make the goal more clear.
    – Jonathan Cross
    Nov 30 at 13:40

  • There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
    – RubberStamp
    Nov 30 at 14:00

  • @RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
    – Jonathan Cross
    Dec 1 at 16:46

  • IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
    – FreeSoftwareServers
    Nov 29 at 22:48

  • 1

    If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
    – RubberStamp
    Nov 29 at 23:01

  • Thanks, I have updated the question to make the goal more clear.
    – Jonathan Cross
    Nov 30 at 13:40

  • There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
    – RubberStamp
    Nov 30 at 14:00

  • @RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
    – Jonathan Cross
    Dec 1 at 16:46

IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
– FreeSoftwareServers
Nov 29 at 22:48

IMO If you want something more “Permanent and foolproof” you need to block internet access via a remote device or unhook the internet connection. Is this a VM or? I use DD-WRT Access Restrictions to block WAN access at home. You could look into IPTables of course >> unix.stackexchange.com/questions/396218/…
– FreeSoftwareServers
Nov 29 at 22:48

1

1

If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
– RubberStamp
Nov 29 at 23:01

If the system is already air-gapped, why is there a need to disable networking? Is physical access to the system restricted? Does the system have WiFi? If it does have Wifi, is there a hardware switch (if laptop) or the ability to remove the network card (if desktop) or disable onboard network via BIOS? … If physical access is not restricted, then the air-gapped system is easily compromised anyway…
– RubberStamp
Nov 29 at 23:01

Thanks, I have updated the question to make the goal more clear.
– Jonathan Cross
Nov 30 at 13:40

Thanks, I have updated the question to make the goal more clear.
– Jonathan Cross
Nov 30 at 13:40

There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
– RubberStamp
Nov 30 at 14:00

There are a few possible answers to this question… one is to create a udev rule to disable all wireless interfaces upon connection, substituting KERNEL=="wlan*" in this answer … another possible answer is to disable the WiFi through the BIOS (should be an option if onboard) … another answer is to open the laptop case (presumed laptop, but the question should specify) and remove the WiFi module (usually possible) … But, with physical access, none of it matters.
– RubberStamp
Nov 30 at 14:00

@RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
– Jonathan Cross
Dec 1 at 16:46

@RubberStamp Will these udev rules persist in TailsOS? It is not totally clear to me what is being substituted with KERNEL=="wlan*" — is it SUBSYSTEMS=="usb" ?
– Jonathan Cross
Dec 1 at 16:46

active

oldest

votes

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: “”.split(” “),
id: “106”
};
initTagRenderer(“”.split(” “), “”.split(” “), channelOptions);

StackExchange.using(“externalEditor”, function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using(“snippets”, function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: ‘answer’,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: “”,
imageUploader: {
brandingHtml: “Powered by u003ca class=”icon-imgur-white” href=”https://imgur.com/”u003eu003c/au003e”,
contentPolicyHtml: “User contributions licensed under u003ca href=”https://creativecommons.org/licenses/by-sa/3.0/”u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href=”https://stackoverflow.com/legal/content-policy”u003e(content policy)u003c/au003e”,
allowUrls: true
},
onDemand: true,
discardSelector: “.discard-answer”
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved
draft discarded

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2funix.stackexchange.com%2fquestions%2f485031%2fpermanently-disable-all-networking-in-tails-os%23new-answer’, ‘question_page’);
}
);

Post as a guest

Required, but never shown

active

oldest

votes

active

oldest

votes

active

oldest

votes

active

oldest

votes

draft saved
draft discarded

Thanks for contributing an answer to Unix & Linux Stack Exchange!

  • Please be sure to answer the question. Provide details and share your research!

But avoid

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you’re in danger of being blocked from answering.

Please pay close attention to the following guidance:

  • Please be sure to answer the question. Provide details and share your research!

But avoid

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2funix.stackexchange.com%2fquestions%2f485031%2fpermanently-disable-all-networking-in-tails-os%23new-answer’, ‘question_page’);
}
);

Post as a guest

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Required, but never shown

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *