1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index cb0d9d7af..7246be8cf 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -98,7 +98,7 @@ void netfilter(const char *fname) {
        // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
        // we run this command with caps and seccomp disabled in order to allow the loading of these modules
-        sbox_run(SBOX_ROOT /* | SBOX_CAPS_NETWORK | SBOX_SECCOMP*/ | SBOX_STDIN_FROM_FILE, 1, iptables_restore);
+        sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, iptables_restore);
        unlink(SBOX_STDIN_FILE);
        // debug
@@ -147,7 +147,7 @@ void netfilter6(const char *fname) {
        // first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
        // we run this command with caps and seccomp disabled in order to allow the loading of these modules
-        sbox_run(SBOX_ROOT | /* SBOX_CAPS_NETWORK | SBOX_SECCOMP | */ SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
+        sbox_run(SBOX_ROOT | SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
        unlink(SBOX_STDIN_FILE);
        // debug

diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index cb0d9d7af..7246be8cf 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c
@@ -98,7 +98,7 @@ void netfilter(const char *fname) {
98		98
99	// first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter	99	// first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
100	// we run this command with caps and seccomp disabled in order to allow the loading of these modules	100	// we run this command with caps and seccomp disabled in order to allow the loading of these modules
101	sbox_run(SBOX_ROOT /* \| SBOX_CAPS_NETWORK \| SBOX_SECCOMP*/ \| SBOX_STDIN_FROM_FILE, 1, iptables_restore);	101	sbox_run(SBOX_ROOT \| SBOX_STDIN_FROM_FILE, 1, iptables_restore);
102	unlink(SBOX_STDIN_FILE);	102	unlink(SBOX_STDIN_FILE);
103		103
104	// debug	104	// debug
@@ -147,7 +147,7 @@ void netfilter6(const char *fname) {
147		147
148	// first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter	148	// first run of iptables on this platform installs a number of kernel modules such as ip_tables, x_tables, iptable_filter
149	// we run this command with caps and seccomp disabled in order to allow the loading of these modules	149	// we run this command with caps and seccomp disabled in order to allow the loading of these modules
150	sbox_run(SBOX_ROOT \| /* SBOX_CAPS_NETWORK \| SBOX_SECCOMP \| */ SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);	150	sbox_run(SBOX_ROOT \| SBOX_STDIN_FROM_FILE, 1, ip6tables_restore);
151	unlink(SBOX_STDIN_FILE);	151	unlink(SBOX_STDIN_FILE);
152		152
153	// debug	153	// debug