diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-28 10:54:05 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-28 10:54:05 -0400 |
| commit | 340a6b2eeb010367180e530af976810c9d762580 (patch) | |
| tree | 7c264554e4ef98d7c7fdcc876f253e0af7eac392 /etc | |
| parent | whitelist fix (diff) | |
| download | firejail-340a6b2eeb010367180e530af976810c9d762580.tar.gz firejail-340a6b2eeb010367180e530af976810c9d762580.tar.zst firejail-340a6b2eeb010367180e530af976810c9d762580.zip | |
added netfilter-default config option in /etc/firejail/firejail.config
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/firejail.config | 7 | ||||
| -rw-r--r-- | etc/nolocal.net | 3 |
2 files changed, 9 insertions, 1 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 59bbd77a5..20c4d7a5f 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -27,6 +27,13 @@ | |||
| 27 | # --netfilter only to root user. Regular users are only allowed --net=none. | 27 | # --netfilter only to root user. Regular users are only allowed --net=none. |
| 28 | # restricted-network no | 28 | # restricted-network no |
| 29 | 29 | ||
| 30 | # Change default netfilter configuration. When using --netfilter option without | ||
| 31 | # a file argument, the default filter is hardcoded (see man 1 firejail). This | ||
| 32 | # configuration entry allows the user to change the default by specifying | ||
| 33 | # a file containing the filter configuration. The filter file format is the | ||
| 34 | # format of iptables-save and iptable-restore commands. Example: | ||
| 35 | # netfilter-default /etc/iptables.iptables.rules | ||
| 36 | |||
| 30 | # Enable or disable seccomp support, default enabled. | 37 | # Enable or disable seccomp support, default enabled. |
| 31 | # seccomp yes | 38 | # seccomp yes |
| 32 | 39 | ||
diff --git a/etc/nolocal.net b/etc/nolocal.net index 9c0c6e125..9fa785450 100644 --- a/etc/nolocal.net +++ b/etc/nolocal.net | |||
| @@ -4,7 +4,8 @@ | |||
| 4 | :OUTPUT ACCEPT [0:0] | 4 | :OUTPUT ACCEPT [0:0] |
| 5 | 5 | ||
| 6 | ################################################################### | 6 | ################################################################### |
| 7 | # Client filter rejecting local network traffic, with the exception of DNS traffic | 7 | # Client filter rejecting local network traffic, with the exception of |
| 8 | # DNS traffic | ||
| 8 | # | 9 | # |
| 9 | # Usage: | 10 | # Usage: |
| 10 | # firejail --net=eth0 --netfilter=/etc/firejail/nolocal.net firefox | 11 | # firejail --net=eth0 --netfilter=/etc/firejail/nolocal.net firefox |