netlocker fixes

author: netblue30 <netblue30@protonmail.com> 2022-02-02 10:58:14 -0500
committer: netblue30 <netblue30@protonmail.com> 2022-02-02 10:58:14 -0500
commit: f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3 (patch)
tree: acc78a5c8591f832c25bee1f988373540993db9e /src/man
parent: Bump github/codeql-action from 1.0.29 to 1.0.30 (diff)
download: firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.tar.gz
firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.tar.zst
firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 59dc5d310..4cbe7f13d 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1458,17 +1458,19 @@ $ firejail --name=browser --net=eth0 --netfilter firefox &
 $ firejail --netfilter6.print=browser
 .TP
-\fB\-\-netlock=name/pid
+\fB\-\-netlock
 Several type of programs (email clients, multiplayer games etc.) talk to a very small
 number of IP addresses. But the best example is tor browser. It only talks to a guard node,
 and there are two or three more on standby in case the main one fails.
 During startup, the browser contacts all of them, after that it keeps talking to the main
 one... for weeks!
-Use the network locking feature to build and deploy a network firewall in your sandbox.
+Use the network locking feature to build and deploy a custom network firewall in your sandbox.
-The firewall allows only the network traffic to the IP addresses detected during the program
+The firewall allows only the traffic to the IP addresses detected during the program
-startup. Traffic to any other address is quietly dropped. By default the startup monitoring
+startup. Traffic to any other address is quietly dropped. By default the network monitoring
-time is one minute. Example:
+time is one minute.
+A network namespace (\-\-net=eth0) is required for this feature to work. Example:
 .br
 .br
author	netblue30 <netblue30@protonmail.com>	2022-02-02 10:58:14 -0500
committer	netblue30 <netblue30@protonmail.com>	2022-02-02 10:58:14 -0500
commit	f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3 (patch)
tree	acc78a5c8591f832c25bee1f988373540993db9e /src/man
parent	Bump github/codeql-action from 1.0.29 to 1.0.30 (diff)
download	firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.tar.gz firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.tar.zst firejail-f5c0b6af59b4c5e4c677d8bd9703beb4d2e628c3.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 59dc5d310..4cbe7f13d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1458,17 +1458,19 @@ $ firejail --name=browser --net=eth0 --netfilter firefox &
1458	$ firejail --netfilter6.print=browser	1458	$ firejail --netfilter6.print=browser
1459		1459
1460	.TP	1460	.TP
1461	\fB\-\-netlock=name/pid	1461	\fB\-\-netlock
1462	Several type of programs (email clients, multiplayer games etc.) talk to a very small	1462	Several type of programs (email clients, multiplayer games etc.) talk to a very small
1463	number of IP addresses. But the best example is tor browser. It only talks to a guard node,	1463	number of IP addresses. But the best example is tor browser. It only talks to a guard node,
1464	and there are two or three more on standby in case the main one fails.	1464	and there are two or three more on standby in case the main one fails.
1465	During startup, the browser contacts all of them, after that it keeps talking to the main	1465	During startup, the browser contacts all of them, after that it keeps talking to the main
1466	one... for weeks!	1466	one... for weeks!
1467		1467
1468	Use the network locking feature to build and deploy a network firewall in your sandbox.	1468	Use the network locking feature to build and deploy a custom network firewall in your sandbox.
1469	The firewall allows only the network traffic to the IP addresses detected during the program	1469	The firewall allows only the traffic to the IP addresses detected during the program
1470	startup. Traffic to any other address is quietly dropped. By default the startup monitoring	1470	startup. Traffic to any other address is quietly dropped. By default the network monitoring
1471	time is one minute. Example:	1471	time is one minute.
		1472
		1473	A network namespace (\-\-net=eth0) is required for this feature to work. Example:
1472	.br	1474	.br
1473		1475
1474	.br	1476	.br