diff options
author | netblue30 <netblue30@protonmail.com> | 2023-10-24 09:13:27 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-10-24 09:13:27 -0400 |
commit | fa075b62fb010267e7b9eda8264b596d94d66aab (patch) | |
tree | 70770c7df31ff84f0f02890515eea562f84d8988 /src/man | |
parent | build(deps): bump github/codeql-action from 2.22.3 to 2.22.4 (diff) | |
download | firejail-fa075b62fb010267e7b9eda8264b596d94d66aab.tar.gz firejail-fa075b62fb010267e7b9eda8264b596d94d66aab.tar.zst firejail-fa075b62fb010267e7b9eda8264b596d94d66aab.zip |
enabled nettraces by default in the main build - you would need to be root to run these optionslandlock-split
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.1.in | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index ee4adf5b8..06969e851 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -788,7 +788,6 @@ $ firejail \-\-list | |||
788 | .br | 788 | .br |
789 | $ firejail \-\-dns.print=3272 | 789 | $ firejail \-\-dns.print=3272 |
790 | 790 | ||
791 | #ifdef HAVE_NETWORK | ||
792 | .TP | 791 | .TP |
793 | \fB\-\-dnstrace[=name|pid] | 792 | \fB\-\-dnstrace[=name|pid] |
794 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes | 793 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -828,7 +827,6 @@ $ sudo firejail --dnstrace | |||
828 | .br | 827 | .br |
829 | 11:32:08 9.9.9.9 www.youtube.com (type 1) | 828 | 11:32:08 9.9.9.9 www.youtube.com (type 1) |
830 | .br | 829 | .br |
831 | #endif | ||
832 | 830 | ||
833 | .TP | 831 | .TP |
834 | \fB\-\-env=name=value | 832 | \fB\-\-env=name=value |
@@ -930,7 +928,6 @@ $ firejail --ignore=seccomp --ignore=caps firefox | |||
930 | $ firejail \-\-ignore="net eth0" firefox | 928 | $ firejail \-\-ignore="net eth0" firefox |
931 | #endif | 929 | #endif |
932 | 930 | ||
933 | #ifdef HAVE_NETWORK | ||
934 | .TP | 931 | .TP |
935 | \fB\-\-icmptrace[=name|pid] | 932 | \fB\-\-icmptrace[=name|pid] |
936 | Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes | 933 | Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -956,7 +953,6 @@ $ sudo firejail --icmptrace | |||
956 | .br | 953 | .br |
957 | 20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable | 954 | 20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable |
958 | .br | 955 | .br |
959 | #endif | ||
960 | 956 | ||
961 | .TP | 957 | .TP |
962 | \fB\-\-\include=file.profile | 958 | \fB\-\-\include=file.profile |
@@ -1643,6 +1639,7 @@ PID User RX(KB/s) TX(KB/s) Command | |||
1643 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox | 1639 | 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox |
1644 | .br | 1640 | .br |
1645 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission | 1641 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission |
1642 | #endif | ||
1646 | .TP | 1643 | .TP |
1647 | \fB\-\-nettrace[=name|pid] | 1644 | \fB\-\-nettrace[=name|pid] |
1648 | Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes | 1645 | Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -1658,17 +1655,15 @@ Example: | |||
1658 | .br | 1655 | .br |
1659 | $ sudo firejail --nettrace | 1656 | $ sudo firejail --nettrace |
1660 | .br | 1657 | .br |
1661 | 95 KB/s geoip 457, IP database 4436 | 1658 | 93 KB/s address:port (protocol) network |
1662 | .br | 1659 | .br |
1663 | 52 KB/s *********** 64.222.84.207:443 United States | 1660 | 14 B/s ** 104.24.8.4:443(QUIC) Cloudflare |
1664 | .br | 1661 | .br |
1665 | 33 KB/s ******* 89.147.74.105:63930 Hungary | 1662 | 80 KB/s ***************** 192.187.97.90:443(TLS) BitChute |
1666 | .br | 1663 | .br |
1667 | 0 B/s 45.90.28.0:443 NextDNS | 1664 | 1 B/s 149.56.228.45:443(DoH) Canada |
1668 | .br | 1665 | .br |
1669 | 0 B/s 94.70.122.176:52309(UDP) Greece | 1666 | (D)isplay, (S)ave, (C)lear, e(X)it |
1670 | .br | ||
1671 | 339 B/s 104.26.7.35:443 Cloudflare | ||
1672 | .br | 1667 | .br |
1673 | 1668 | ||
1674 | .br | 1669 | .br |
@@ -1677,7 +1672,6 @@ the country the traffic originates from is added to the trace. | |||
1677 | We also use the static IP map in /usr/lib/firejail/static-ip-map | 1672 | We also use the static IP map in /usr/lib/firejail/static-ip-map |
1678 | to print the domain names for some of the more common websites and cloud platforms. | 1673 | to print the domain names for some of the more common websites and cloud platforms. |
1679 | No external services are contacted for reverse IP lookup. | 1674 | No external services are contacted for reverse IP lookup. |
1680 | #endif | ||
1681 | .TP | 1675 | .TP |
1682 | \fB\-\-nice=value | 1676 | \fB\-\-nice=value |
1683 | Set nice value for all processes running inside the sandbox. | 1677 | Set nice value for all processes running inside the sandbox. |
@@ -2862,7 +2856,6 @@ $ firejail \-\-list | |||
2862 | .br | 2856 | .br |
2863 | $ firejail \-\-shutdown=3272 | 2857 | $ firejail \-\-shutdown=3272 |
2864 | 2858 | ||
2865 | #ifdef HAVE_NETWORK | ||
2866 | .TP | 2859 | .TP |
2867 | \fB\-\-snitrace[=name|pid] | 2860 | \fB\-\-snitrace[=name|pid] |
2868 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes | 2861 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes |
@@ -2904,7 +2897,6 @@ $ sudo firejail --snitrace | |||
2904 | .br | 2897 | .br |
2905 | 07:53:11 192.0.73.2 1.gravatar.com | 2898 | 07:53:11 192.0.73.2 1.gravatar.com |
2906 | .br | 2899 | .br |
2907 | #endif | ||
2908 | 2900 | ||
2909 | .TP | 2901 | .TP |
2910 | \fB\-\-tab | 2902 | \fB\-\-tab |