added netfilter-default config option in /etc/firejail/firejail.config

author: netblue30 <netblue30@yahoo.com> 2016-07-28 10:54:05 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-28 10:54:05 -0400
commit: 340a6b2eeb010367180e530af976810c9d762580 (patch)
tree: 7c264554e4ef98d7c7fdcc876f253e0af7eac392 /etc/firejail.config
parent: whitelist fix (diff)
download: firejail-340a6b2eeb010367180e530af976810c9d762580.tar.gz
firejail-340a6b2eeb010367180e530af976810c9d762580.tar.zst
firejail-340a6b2eeb010367180e530af976810c9d762580.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/firejail.config b/etc/firejail.config
index 59bbd77a5..20c4d7a5f 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -27,6 +27,13 @@
 # --netfilter only to root user. Regular users are only allowed --net=none.
 # restricted-network no
+# Change default netfilter configuration. When using --netfilter option without
+# a file argument, the default filter is hardcoded (see man 1 firejail). This
+# configuration entry allows the user to change the default by specifying
+# a file containing the filter configuration. The filter file format is the
+# format of  iptables-save  and iptable-restore commands. Example:
+# netfilter-default /etc/iptables.iptables.rules
 # Enable or disable seccomp support, default enabled.
 # seccomp yes
author	netblue30 <netblue30@yahoo.com>	2016-07-28 10:54:05 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-28 10:54:05 -0400
commit	340a6b2eeb010367180e530af976810c9d762580 (patch)
tree	7c264554e4ef98d7c7fdcc876f253e0af7eac392 /etc/firejail.config
parent	whitelist fix (diff)
download	firejail-340a6b2eeb010367180e530af976810c9d762580.tar.gz firejail-340a6b2eeb010367180e530af976810c9d762580.tar.zst firejail-340a6b2eeb010367180e530af976810c9d762580.zip

diff --git a/etc/firejail.config b/etc/firejail.config index 59bbd77a5..20c4d7a5f 100644 --- a/etc/firejail.config +++ b/etc/firejail.config
@@ -27,6 +27,13 @@
27	# --netfilter only to root user. Regular users are only allowed --net=none.	27	# --netfilter only to root user. Regular users are only allowed --net=none.
28	# restricted-network no	28	# restricted-network no
29		29
		30	# Change default netfilter configuration. When using --netfilter option without
		31	# a file argument, the default filter is hardcoded (see man 1 firejail). This
		32	# configuration entry allows the user to change the default by specifying
		33	# a file containing the filter configuration. The filter file format is the
		34	# format of iptables-save and iptable-restore commands. Example:
		35	# netfilter-default /etc/iptables.iptables.rules
		36
30	# Enable or disable seccomp support, default enabled.	37	# Enable or disable seccomp support, default enabled.
31	# seccomp yes	38	# seccomp yes
32		39