added webserver.net and nolocal.net network filters

2 files changed, 28 insertions, 1 deletions

diff --git a/src/bash_completion/firejail.bash_completion b/src/bash_completion/firejail.bash_completion
index 98ca5e7a4..21e28c98b 100644
--- a/src/bash_completion/firejail.bash_completion
+++ b/src/bash_completion/firejail.bash_completion
@@ -55,6 +55,10 @@ _firejail()
             _filedir
             return 0
             ;;
+        --netfilter)
+            _filedir
+            return 0
+            ;;
         --shell)
             _filedir
             return 0
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 370fce588..00abc13db 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -587,9 +587,30 @@ New network namespaces are created using \-\-net option. If a new network namesp
 .br
 
 .br
+The following filters are available in /etc/firejail directory:
+.br
+
+.br
+.B webserver.net
+is a webserver filter that allows access only to TCP ports 80 and 443.
 Example:
 .br
-$ firejail \-\-net=eth0 \-\-netfilter=myfile firefox
+
+.br
+$ firejail --netfilter=/etc/firejail/webserver.net --net=eth0 \\
+.br
+/etc/init.d/apache2 start
+.br
+
+.br
+.B nolocal.net
+is a client filter that disable access to local network. Example:
+.br
+
+.br
+$ firejail --netfilter=/etc/firejail/nolocal.net \\
+.br
+--net=eth0 firefox
 .TP
 \fB\-\-netstats
 Monitor network namespace statistics, see MONITORING section for more details.
@@ -598,6 +619,8 @@ Monitor network namespace statistics, see MONITORING section for more details.
 .br
 Example:
 .br
+
+.br
 $ firejail \-\-netstats
 .br
 PID  User    RX(KB/s) TX(KB/s) Command