1 files changed, 34 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 22db6f5fb..fc575d4b5 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -481,6 +481,40 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+        else if (strncmp(ptr, "netmask ", 8) == 0) {
+#ifdef HAVE_NETWORK
+                if (checkcfg(CFG_NETWORK)) {
+                        Bridge *br = last_bridge_configured();
+                        if (br == NULL) {
+                                fprintf(stderr, "Error: no network device configured\n");
+                                exit(1);
+                        }
+                        if (br->arg_ip_none || br->masksandbox) {
+                                fprintf(stderr, "Error: cannot configure the network mask twice for the same interface\n");
+                                exit(1);
+                        }
+                        // configure this network mask for the last bridge defined
+                        if (atoip(ptr + 8, &br->masksandbox)) {
+                                fprintf(stderr, "Error: invalid  network mask\n");
+                                exit(1);
+                        }
+                        // if the bridge is not configured, use this mask as the bridge mask
+                        if (br->mask == 0)
+                                br->mask = br->masksandbox;
+                        else {
+                                fprintf(stderr, "Error: interface %s already has a network mask defined; "
+                                        "please remove --netmask\n",
+                                        br->dev);
+                                exit(1);
+                        }
+                }
+                else
+                        warning_feature_disabled("networking");
+#endif
+                return 0;
+        }
        else if (strncmp(ptr, "ip ", 3) == 0) {
 #ifdef HAVE_NETWORK
                if (checkcfg(CFG_NETWORK)) {

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 22db6f5fb..fc575d4b5 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -481,6 +481,40 @@ int profile_check_line(char ptr, int lineno, const char fname) {
481	return 0;	481	return 0;
482	}	482	}
483		483
		484	else if (strncmp(ptr, "netmask ", 8) == 0) {
		485	#ifdef HAVE_NETWORK
		486	if (checkcfg(CFG_NETWORK)) {
		487	Bridge *br = last_bridge_configured();
		488	if (br == NULL) {
		489	fprintf(stderr, "Error: no network device configured\n");
		490	exit(1);
		491	}
		492	if (br->arg_ip_none \|\| br->masksandbox) {
		493	fprintf(stderr, "Error: cannot configure the network mask twice for the same interface\n");
		494	exit(1);
		495	}
		496
		497	// configure this network mask for the last bridge defined
		498	if (atoip(ptr + 8, &br->masksandbox)) {
		499	fprintf(stderr, "Error: invalid network mask\n");
		500	exit(1);
		501	}
		502
		503	// if the bridge is not configured, use this mask as the bridge mask
		504	if (br->mask == 0)
		505	br->mask = br->masksandbox;
		506	else {
		507	fprintf(stderr, "Error: interface %s already has a network mask defined; "
		508	"please remove --netmask\n",
		509	br->dev);
		510	exit(1);
		511	}
		512	}
		513	else
		514	warning_feature_disabled("networking");
		515	#endif
		516	return 0;
		517	}
484	else if (strncmp(ptr, "ip ", 3) == 0) {	518	else if (strncmp(ptr, "ip ", 3) == 0) {
485	#ifdef HAVE_NETWORK	519	#ifdef HAVE_NETWORK
486	if (checkcfg(CFG_NETWORK)) {	520	if (checkcfg(CFG_NETWORK)) {