author | netblue30 <netblue30@yahoo.com> | 2018-07-11 06:42:59 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-07-11 06:42:59 -0400 |
commit | 261d08d394559a05d804a76e52183f6e26d871f5 (patch) | |
tree | 0f17c4d61ad92290863590ed4347c5e14729eb20 /src/man | |
parent | Add documentation for keep-dev-shm option (diff) | |
tunneling support - tap interface in --net option
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail-profile.txt | 13 | ||||
-rw-r--r-- | src/man/firejail.txt | 14 |
2 files changed, 24 insertions, 3 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 767cf89f4..e29cf4f4b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -589,16 +589,23 @@ configured as default gateway is the bridge device IP address. Up to four \-\-ne | |||
589 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. | 589 | bridge devices can be defined. Mixing bridge and macvlan devices is allowed. |
590 | 590 | ||
591 | .TP | 591 | .TP |
592 | \fBnet ethernet_interface | 592 | \fBnet ethernet_interface|wireless_interface |
593 | Enable a new network namespace and connect it | 593 | Enable a new network namespace and connect it |
594 | to this ethernet interface using the standard Linux macvlan | 594 | to this ethernet interface using the standard Linux macvlan or ipvlan |
595 | driver. Unless specified with option \-\-ip and \-\-defaultgw, an | 595 | driver. Unless specified with option \-\-ip and \-\-defaultgw, an |
596 | IP address and a default gateway will be assigned automatically | 596 | IP address and a default gateway will be assigned automatically |
597 | to the sandbox. The IP address is verified using ARP before | 597 | to the sandbox. The IP address is verified using ARP before |
598 | assignment. The address configured as default gateway is the | 598 | assignment. The address configured as default gateway is the |
599 | default gateway of the host. Up to four \-\-net devices can | 599 | default gateway of the host. Up to four \-\-net devices can |
600 | be defined. Mixing bridge and macvlan devices is allowed. | 600 | be defined. Mixing bridge and macvlan devices is allowed. |
601 | Note: wlan devices are not supported for this option. | 601 | |
602 | .TP | ||
603 | \fBnet tap_interface | ||
604 | Enable a new network namespace and connect it | ||
605 | to this ethernet tap interface using the standard Linux macvlan | ||
606 | driver. If the tap interface is not configured, the sandbox | ||
607 | will not try to configure the interface inside the sandbox. | ||
608 | Please use ip, netmask and defaultgw to specify the configuration. | ||
602 | 609 | ||
603 | .TP | 610 | .TP |
604 | \fBnet none | 611 | \fBnet none |
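Review bot: In the revised `net ethernet_interface|wireless_interface` entry, the heading and new line 594 now cover wireless interfaces and ipvlan, but the body still reads "to this ethernet interface" and line 600 still says "Mixing bridge and macvlan devices is allowed", and nothing states which driver applies to which interface type. Since the old note "wlan devices are not supported for this option" is removed, the entry should say explicitly which of macvlan or ipvlan is used for wireless interfaces, and the mixing sentence should be updated to match. For the new `net tap_interface` entry, it would also help to say whether tap devices count toward the "up to four" limit mentioned above it.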
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 74a9a9da9..f29d9cddf 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -816,6 +816,20 @@ $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox | |||
816 | $ firejail \-\-net=wlan0 firefox | 816 | $ firejail \-\-net=wlan0 firefox |
817 | 817 | ||
818 | .TP | 818 | .TP |
819 | \fB\-\-net=tap_interface | ||
820 | Enable a new network namespace and connect it | ||
821 | to this ethernet tap interface using the standard Linux macvlan | ||
822 | driver. If the tap interface is not configured, the sandbox | ||
823 | will not try to configure the interface inside the sandbox. | ||
824 | Please use \-\-ip, \-\-netmask and \-\-defaultgw to specify the configuration. | ||
825 | .br | ||
826 | |||
827 | .br | ||
828 | Example: | ||
829 | .br | ||
830 | $ firejail \-\-net=tap0 \-\-ip=10.10.20.80 \-\-netmask=255.255.255.0 \-\-defaultgw=10.10.20.1 firefox | ||
831 | |||
832 | .TP | ||
819 | \fB\-\-net=none | 833 | \fB\-\-net=none |
820 | Enable a new, unconnected network namespace. The only interface | 834 | Enable a new, unconnected network namespace. The only interface |
821 | available in the new namespace is a new loopback interface (lo). | 835 | available in the new namespace is a new loopback interface (lo). |
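Review bot: The sentence "If the tap interface is not configured, the sandbox will not try to configure the interface inside the sandbox" (new lines 822-823) leaves the resulting state unclear: it does not say what "configured" means for the tap device on the host, or what the interface inside the sandbox looks like when `--ip`, `--netmask` and `--defaultgw` are omitted. I would spell out the outcome in that case, so that a user relying on the sandbox for network isolation knows what connectivity to expect, and say whether all three options must be given together as in the `tap0` example. The phrase "using the standard Linux macvlan driver" is repeated verbatim from the ethernet entry; please confirm it is accurate for a tap device.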