--netmask option

author: netblue30 <netblue30@yahoo.com> 2018-07-06 09:34:52 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-07-06 09:34:52 -0400
commit: a8abd88081fabbc9590dd33d413cd0a0641ef642 (patch)
tree: 379295500c4b0d36e99a76e03c8ab9d73c0b6b68 /src/man
parent: Merge pull request #2033 from smitsohu/whitelist (diff)
download: firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.gz
firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.zst
firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.zip
2 files changed, 26 insertions, 5 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 59f15f75c..50455b038 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -605,6 +605,12 @@ Use this option to deny network access to programs that don't
 really need network access.
 .TP
+\fBnetmask address
+Use this option when you want to assign an IP address in a new namespace and
+the parent interface specified by --net is not configured. An IP address and
+a default gateway address also have to be added.
+.TP
 \fBveth-name name
 Use this name for the interface connected to the bridge for --net=bridge_interface commands,
 instead of the default one.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index d527c05d8..24d4bbd8c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -824,11 +824,6 @@ Note: \-\-net=none can crash the application on some platforms.
 In these cases, it can be replaced with \-\-protocol=unix.
 .TP
-\fB\-\-netns=name
-Run the program in a named, persistent network namespace.  These can
-be created and configured using "ip netns".
-.TP
 \fB\-\-netfilter
 Enable a default firewall if a new network namespace is created inside the sandbox.
 This option has no effect for sandboxes using the system network namespace.
@@ -955,6 +950,26 @@ $ firejail --name=browser --net=eth0 --netfilter firefox &
 $ firejail --netfilter6.print=browser
 .TP
+\fB\-\-netmask=address
+Use this option when you want to assign an IP address in a new namespace and
+the parent interface specified by --net is not configured. An IP address and
+a default gateway address also have to be added. By default the new namespace
+interface comes without IP address and default gateway configured. Example:
+.br
+.br
+$ sudo /sbin/brctl addbr br0
+.br
+$ sudo /sbin/ifconfig br0 up
+.br
+$ firejail --ip=10.10.20.67 --netmask=255.255.255.0 --defaultgw=10.10.20.1
+.TP
+\fB\-\-netns=name
+Run the program in a named, persistent network namespace.  These can
+be created and configured using "ip netns".
+.TP
 \fB\-\-netstats
 Monitor network namespace statistics, see \fBMONITORING\fR section for more details.
 .br
author	netblue30 <netblue30@yahoo.com>	2018-07-06 09:34:52 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-07-06 09:34:52 -0400
commit	a8abd88081fabbc9590dd33d413cd0a0641ef642 (patch)
tree	379295500c4b0d36e99a76e03c8ab9d73c0b6b68 /src/man
parent	Merge pull request #2033 from smitsohu/whitelist (diff)
download	firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.gz firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.tar.zst firejail-a8abd88081fabbc9590dd33d413cd0a0641ef642.zip

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 59f15f75c..50455b038 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -605,6 +605,12 @@ Use this option to deny network access to programs that don't
605	really need network access.	605	really need network access.
606		606
607	.TP	607	.TP
		608	\fBnetmask address
		609	Use this option when you want to assign an IP address in a new namespace and
		610	the parent interface specified by --net is not configured. An IP address and
		611	a default gateway address also have to be added.
		612
		613	.TP
608	\fBveth-name name	614	\fBveth-name name
609	Use this name for the interface connected to the bridge for --net=bridge_interface commands,	615	Use this name for the interface connected to the bridge for --net=bridge_interface commands,
610	instead of the default one.	616	instead of the default one.


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index d527c05d8..24d4bbd8c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -824,11 +824,6 @@ Note: \-\-net=none can crash the application on some platforms.
824	In these cases, it can be replaced with \-\-protocol=unix.	824	In these cases, it can be replaced with \-\-protocol=unix.
825		825
826	.TP	826	.TP
827	\fB\-\-netns=name
828	Run the program in a named, persistent network namespace. These can
829	be created and configured using "ip netns".
830
831	.TP
832	\fB\-\-netfilter	827	\fB\-\-netfilter
833	Enable a default firewall if a new network namespace is created inside the sandbox.	828	Enable a default firewall if a new network namespace is created inside the sandbox.
834	This option has no effect for sandboxes using the system network namespace.	829	This option has no effect for sandboxes using the system network namespace.
@@ -955,6 +950,26 @@ $ firejail --name=browser --net=eth0 --netfilter firefox &
955	$ firejail --netfilter6.print=browser	950	$ firejail --netfilter6.print=browser
956		951
957	.TP	952	.TP
		953	\fB\-\-netmask=address
		954	Use this option when you want to assign an IP address in a new namespace and
		955	the parent interface specified by --net is not configured. An IP address and
		956	a default gateway address also have to be added. By default the new namespace
		957	interface comes without IP address and default gateway configured. Example:
		958	.br
		959
		960	.br
		961	$ sudo /sbin/brctl addbr br0
		962	.br
		963	$ sudo /sbin/ifconfig br0 up
		964	.br
		965	$ firejail --ip=10.10.20.67 --netmask=255.255.255.0 --defaultgw=10.10.20.1
		966
		967	.TP
		968	\fB\-\-netns=name
		969	Run the program in a named, persistent network namespace. These can
		970	be created and configured using "ip netns".
		971
		972	.TP
958	\fB\-\-netstats	973	\fB\-\-netstats
959	Monitor network namespace statistics, see \fBMONITORING\fR section for more details.	974	Monitor network namespace statistics, see \fBMONITORING\fR section for more details.
960	.br	975	.br