diff options
author | netblue30 <netblue30@yahoo.com> | 2018-07-06 09:34:52 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-07-06 09:34:52 -0400 |
commit | a8abd88081fabbc9590dd33d413cd0a0641ef642 (patch) | |
tree | 379295500c4b0d36e99a76e03c8ab9d73c0b6b68 /src/man | |
parent | Merge pull request #2033 from smitsohu/whitelist (diff) | |
download | firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.gz firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.zst firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.zip |
--netmask option
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 25 |
2 files changed, 26 insertions, 5 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 59f15f75c..50455b038 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -605,6 +605,12 @@ Use this option to deny network access to programs that don't | |||
605 | really need network access. | 605 | really need network access. |
606 | 606 | ||
607 | .TP | 607 | .TP |
608 | \fBnetmask address | ||
609 | Use this option when you want to assign an IP address in a new namespace and | ||
610 | the parent interface specified by --net is not configured. An IP address and | ||
611 | a default gateway address also have to be added. | ||
612 | |||
613 | .TP | ||
608 | \fBveth-name name | 614 | \fBveth-name name |
609 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, | 615 | Use this name for the interface connected to the bridge for --net=bridge_interface commands, |
610 | instead of the default one. | 616 | instead of the default one. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index d527c05d8..24d4bbd8c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -824,11 +824,6 @@ Note: \-\-net=none can crash the application on some platforms. | |||
824 | In these cases, it can be replaced with \-\-protocol=unix. | 824 | In these cases, it can be replaced with \-\-protocol=unix. |
825 | 825 | ||
826 | .TP | 826 | .TP |
827 | \fB\-\-netns=name | ||
828 | Run the program in a named, persistent network namespace. These can | ||
829 | be created and configured using "ip netns". | ||
830 | |||
831 | .TP | ||
832 | \fB\-\-netfilter | 827 | \fB\-\-netfilter |
833 | Enable a default firewall if a new network namespace is created inside the sandbox. | 828 | Enable a default firewall if a new network namespace is created inside the sandbox. |
834 | This option has no effect for sandboxes using the system network namespace. | 829 | This option has no effect for sandboxes using the system network namespace. |
@@ -955,6 +950,26 @@ $ firejail --name=browser --net=eth0 --netfilter firefox & | |||
955 | $ firejail --netfilter6.print=browser | 950 | $ firejail --netfilter6.print=browser |
956 | 951 | ||
957 | .TP | 952 | .TP |
953 | \fB\-\-netmask=address | ||
954 | Use this option when you want to assign an IP address in a new namespace and | ||
955 | the parent interface specified by --net is not configured. An IP address and | ||
956 | a default gateway address also have to be added. By default the new namespace | ||
957 | interface comes without IP address and default gateway configured. Example: | ||
958 | .br | ||
959 | |||
960 | .br | ||
961 | $ sudo /sbin/brctl addbr br0 | ||
962 | .br | ||
963 | $ sudo /sbin/ifconfig br0 up | ||
964 | .br | ||
965 | $ firejail --ip=10.10.20.67 --netmask=255.255.255.0 --defaultgw=10.10.20.1 | ||
966 | |||
967 | .TP | ||
968 | \fB\-\-netns=name | ||
969 | Run the program in a named, persistent network namespace. These can | ||
970 | be created and configured using "ip netns". | ||
971 | |||
972 | .TP | ||
958 | \fB\-\-netstats | 973 | \fB\-\-netstats |
959 | Monitor network namespace statistics, see \fBMONITORING\fR section for more details. | 974 | Monitor network namespace statistics, see \fBMONITORING\fR section for more details. |
960 | .br | 975 | .br |