diff options
author | avoidr <avoidr@users.noreply.github.com> | 2016-04-06 23:22:04 +0200 |
---|---|---|
committer | avoidr <avoidr@users.noreply.github.com> | 2016-04-06 23:22:04 +0200 |
commit | 8cbeea768037d6ec4dded7396734c9afdecadb0d (patch) | |
tree | ef9cb4037d029d5c3acce3c8d58582632f9f753e /src/man | |
parent | profile.c: add --net <iface> (diff) | |
download | firejail-8cbeea768037d6ec4dded7396734c9afdecadb0d.tar.gz firejail-8cbeea768037d6ec4dded7396734c9afdecadb0d.tar.zst firejail-8cbeea768037d6ec4dded7396734c9afdecadb0d.zip |
firejail-profile.txt: add --net <iface>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b135ee615..ddfae5948 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -296,10 +296,30 @@ If a new network namespace is created, enabled default network filter. | |||
296 | If a new network namespace is created, enabled the network filter in filename. | 296 | If a new network namespace is created, enabled the network filter in filename. |
297 | 297 | ||
298 | .TP | 298 | .TP |
299 | \fBnet bridge_interface | ||
300 | Enable a new network namespace and connect it to this bridge interface. | ||
301 | Unless specified with option \-\-ip and \-\-defaultgw, an IP address and a default gateway will be assigned | ||
302 | automatically to the sandbox. The IP address is verified using ARP before assignment. The address | ||
303 | configured as default gateway is the bridge device IP address. Up to four \-\-net | ||
304 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. | ||
305 | |||
306 | .TP | ||
307 | \fBnet ethernet_interface | ||
308 | Enable a new network namespace and connect it | ||
309 | to this ethernet interface using the standard Linux macvlan | ||
310 | driver. Unless specified with option \-\-ip and \-\-defaultgw, an | ||
311 | IP address and a default gateway will be assigned automatically | ||
312 | to the sandbox. The IP address is verified using ARP before | ||
313 | assignment. The address configured as default gateway is the | ||
314 | default gateway of the host. Up to four \-\-net devices can | ||
315 | be defined. Mixing bridge and macvlan devices is allowed. | ||
316 | Note: wlan devices are not supported for this option. | ||
317 | |||
318 | .TP | ||
299 | \fBnet none | 319 | \fBnet none |
300 | Enable a new, unconnected network namespace. The only interface | 320 | Enable a new, unconnected network namespace. The only interface |
301 | available in the new namespace is a new loopback interface (lo). | 321 | available in the new namespace is a new loopback interface (lo). |
302 | Use this option to deny network access to programs that don't | 322 | Use this option to deny network access to programs that don't |
303 | really need network access. | 323 | really need network access. |
304 | 324 | ||
305 | .TP | 325 | .TP |