author | netblue30 <netblue30@yahoo.com> | 2015-11-20 16:50:29 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-20 16:50:29 -0500 |
commit | a039bce14d634e891a670202047b0be674e5d547 (patch) | |
tree | a6f11ab356bce247dcf80bc0231c5a694aa53a9e /src | |
parent | testing (diff) | |
added webserver.net and nolocal.net network filters
Diffstat (limited to 'src')
-rw-r--r-- | src/bash_completion/firejail.bash_completion | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 25 |
2 files changed, 28 insertions, 1 deletions
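--- a/src/bash_completion/firejail.bash_completion
+++ b/src/bash_completion/firejail.bash_completion
@@ -55,6 +55,10 @@ _firejail()
 _filedir
 return 0
 ;;
+--netfilter)
+_filedir
+return 0
+;;
 --shell)
 _filedir
 return 0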
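Review bot: The new `--netfilter)` arm repeats the `_filedir` / `return 0` body of the `--shell)` arm directly below it, so the two could share one pattern, `--netfilter|--shell)`. The arm above the new one appears to have the same body, but its pattern line is outside the hunk, and the `--shell)` arm's closing `;;` is also not visible, so confirm both before merging. Since the filters this commit documents are installed under /etc/firejail, a short comment such as `# filter file path; shipped filters are in /etc/firejail` above the arm would tell maintainers why plain file completion is used here.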
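--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -587,9 +587,30 @@ New network namespaces are created using \-\-net option. If a new network namesp
 .br
 
 .br
+The following filters are available in /etc/firejail directory:
+.br
+
+.br
+.B webserver.net
+is a webserver filter that allows access only to TCP ports 80 and 443.
 Example:
 .br
-$ firejail \-\-net=eth0 \-\-netfilter=myfile firefox
+
+.br
+$ firejail --netfilter=/etc/firejail/webserver.net --net=eth0 \\
+.br
+/etc/init.d/apache2 start
+.br
+
+.br
+.B nolocal.net
+is a client filter that disable access to local network. Example:
+.br
+
+.br
+$ firejail --netfilter=/etc/firejail/nolocal.net \\
+.br
+--net=eth0 firefox
 .TP
 \fB\-\-netstats
 Monitor network namespace statistics, see MONITORING section for more details.
@@ -598,6 +619,8 @@ Monitor network namespace statistics, see MONITORING section for more details.
 .br
 Example:
 .br
+
+.br
 $ firejail \-\-netstats
 .br
 PID User RX(KB/s) TX(KB/s) Command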