--icmptrace

author: netblue30 <netblue30@protonmail.com> 2022-10-24 08:35:01 -0400
committer: netblue30 <netblue30@protonmail.com> 2022-10-24 08:35:01 -0400
commit: 729b1251cd1783a0bc72a96ebc5aba455ccb375f (patch)
tree: 4abb82b3883dc4d1ce5261815f7e53fd8bc4cc3c /src/man/firejail.txt
parent: Merge pull request #5431 from netblue30/musl_warnings (diff)
download: firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.tar.gz
firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.tar.zst
firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.zip
1 files changed, 37 insertions, 3 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index a7e418981..b4be1cd62 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -791,7 +791,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 .br
-$ sudo firejail --dnstrace=browser
+Example:
+.br
+$ sudo firejail --dnstrace
 .br
 11:31:43  9.9.9.9        linux.com (type 1)
 .br
@@ -917,6 +919,34 @@ $ firejail --ignore=seccomp --ignore=caps firefox
 $ firejail \-\-ignore="net eth0" firefox
 #endif
+#ifdef HAVE_NETWORK
+.TP
+\fB\-\-icmptrace[=name|pid]
+Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes
+created with \-\-net are supported. This option is only available when running the sandbox as root.
+.br
+.br
+Without a name/pid, Firejail will monitor the main system network namespace.
+.br
+.br
+Example
+.br
+$ sudo firejail --icmptrace
+.br
+20:53:54  192.168.1.60 -> 142.250.65.174 - 98 bytes - Echo request/0
+.br
+20:53:54  142.250.65.174 -> 192.168.1.60 - 98 bytes - Echo reply/0
+.br
+20:53:55  192.168.1.60 -> 142.250.65.174 - 98 bytes - Echo request/0
+.br
+20:53:55  142.250.65.174 -> 192.168.1.60 - 98 bytes - Echo reply/0
+.br
+20:53:55  192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable
+.br
+#endif
 .TP
 \fB\-\-\include=file.profile
 Include a profile file before the regular profiles are used.
@@ -1597,7 +1627,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 .br
-$ sudo firejail --nettrace=browser
+Example:
+.br
+$ sudo firejail --nettrace
 .br
                        95 KB/s  geoip 457, IP database 4436
 .br
@@ -2791,7 +2823,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 .br
-$ sudo firejail --snitrace=browser
+Example:
+.br
+$ sudo firejail --snitrace
 .br
 07:49:51  23.185.0.3       linux.com
 .br
author	netblue30 <netblue30@protonmail.com>	2022-10-24 08:35:01 -0400
committer	netblue30 <netblue30@protonmail.com>	2022-10-24 08:35:01 -0400
commit	729b1251cd1783a0bc72a96ebc5aba455ccb375f (patch)
tree	4abb82b3883dc4d1ce5261815f7e53fd8bc4cc3c /src/man/firejail.txt
parent	Merge pull request #5431 from netblue30/musl_warnings (diff)
download	firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.tar.gz firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.tar.zst firejail-729b1251cd1783a0bc72a96ebc5aba455ccb375f.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a7e418981..b4be1cd62 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -791,7 +791,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
791	.br	791	.br
792		792
793	.br	793	.br
794	$ sudo firejail --dnstrace=browser	794	Example:
		795	.br
		796	$ sudo firejail --dnstrace
795	.br	797	.br
796	11:31:43 9.9.9.9 linux.com (type 1)	798	11:31:43 9.9.9.9 linux.com (type 1)
797	.br	799	.br
@@ -917,6 +919,34 @@ $ firejail --ignore=seccomp --ignore=caps firefox
917	$ firejail \-\-ignore="net eth0" firefox	919	$ firejail \-\-ignore="net eth0" firefox
918	#endif	920	#endif
919		921
		922	#ifdef HAVE_NETWORK
		923	.TP
		924	\fB\-\-icmptrace[=name\|pid]
		925	Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes
		926	created with \-\-net are supported. This option is only available when running the sandbox as root.
		927	.br
		928
		929	.br
		930	Without a name/pid, Firejail will monitor the main system network namespace.
		931	.br
		932
		933	.br
		934	Example
		935	.br
		936	$ sudo firejail --icmptrace
		937	.br
		938	20:53:54 192.168.1.60 -> 142.250.65.174 - 98 bytes - Echo request/0
		939	.br
		940	20:53:54 142.250.65.174 -> 192.168.1.60 - 98 bytes - Echo reply/0
		941	.br
		942	20:53:55 192.168.1.60 -> 142.250.65.174 - 98 bytes - Echo request/0
		943	.br
		944	20:53:55 142.250.65.174 -> 192.168.1.60 - 98 bytes - Echo reply/0
		945	.br
		946	20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable
		947	.br
		948	#endif
		949
920	.TP	950	.TP
921	\fB\-\-\include=file.profile	951	\fB\-\-\include=file.profile
922	Include a profile file before the regular profiles are used.	952	Include a profile file before the regular profiles are used.
@@ -1597,7 +1627,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
1597	.br	1627	.br
1598		1628
1599	.br	1629	.br
1600	$ sudo firejail --nettrace=browser	1630	Example:
		1631	.br
		1632	$ sudo firejail --nettrace
1601	.br	1633	.br
1602	95 KB/s geoip 457, IP database 4436	1634	95 KB/s geoip 457, IP database 4436
1603	.br	1635	.br
@@ -2791,7 +2823,9 @@ Without a name/pid, Firejail will monitor the main system network namespace.
2791	.br	2823	.br
2792		2824
2793	.br	2825	.br
2794	$ sudo firejail --snitrace=browser	2826	Example:
		2827	.br
		2828	$ sudo firejail --snitrace
2795	.br	2829	.br
2796	07:49:51 23.185.0.3 linux.com	2830	07:49:51 23.185.0.3 linux.com
2797	.br	2831	.br