diff options
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 86 |
1 files changed, 80 insertions, 6 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 06a233440..c26d21ec9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1548,7 +1548,7 @@ PID User RX(KB/s) TX(KB/s) Command | |||
1548 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission | 1548 | 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission |
1549 | .TP | 1549 | .TP |
1550 | \fB\-\-nettrace[=name|pid] | 1550 | \fB\-\-nettrace[=name|pid] |
1551 | Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes | 1551 | Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes |
1552 | created with \-\-net are supported. This option is only available when running the sandbox as root. | 1552 | created with \-\-net are supported. This option is only available when running the sandbox as root. |
1553 | .br | 1553 | .br |
1554 | 1554 | ||
@@ -1557,9 +1557,7 @@ Without a name/pid, Firejail will monitor the main system network namespace. | |||
1557 | .br | 1557 | .br |
1558 | 1558 | ||
1559 | .br | 1559 | .br |
1560 | $ sudo firejail --nettrace=browser | 1560 | $ sudo firejail --nettrace=browser |
1561 | .br | ||
1562 | |||
1563 | .br | 1561 | .br |
1564 | 95 KB/s geoip 457, IP database 4436 | 1562 | 95 KB/s geoip 457, IP database 4436 |
1565 | .br | 1563 | .br |
@@ -1576,10 +1574,86 @@ Without a name/pid, Firejail will monitor the main system network namespace. | |||
1576 | 1574 | ||
1577 | .br | 1575 | .br |
1578 | If /usr/bin/geoiplookup is installed (geoip-bin package in Debian), | 1576 | If /usr/bin/geoiplookup is installed (geoip-bin package in Debian), |
1579 | the country the IP address originates from is added to the trace. | 1577 | the country the traffic originates from is added to the trace. |
1580 | We also use the static IP map in /etc/firejail/hostnames | 1578 | We also use the static IP map in /usr/lib/firejail/static-ip-map |
1581 | to print the domain names for some of the more common websites and cloud platforms. | 1579 | to print the domain names for some of the more common websites and cloud platforms. |
1582 | No external services are contacted for reverse IP lookup. | 1580 | No external services are contacted for reverse IP lookup. |
1581 | .TP | ||
1582 | \fB\-\-nettrace-dns[=name|pid] | ||
1583 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes | ||
1584 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
1585 | .br | ||
1586 | |||
1587 | .br | ||
1588 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
1589 | .br | ||
1590 | |||
1591 | .br | ||
1592 | $ sudo firejail --nettrace-dns=browser | ||
1593 | .br | ||
1594 | 11:31:43 9.9.9.9 linux.com (type 1) | ||
1595 | .br | ||
1596 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
1597 | .br | ||
1598 | 11:31:45 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
1599 | .br | ||
1600 | 11:31:45 9.9.9.9 www.linux.com (type 1) | ||
1601 | .br | ||
1602 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
1603 | .br | ||
1604 | 11:31:52 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
1605 | .br | ||
1606 | 11:32:05 9.9.9.9 secure.gravatar.com (type 1) | ||
1607 | .br | ||
1608 | 11:32:06 9.9.9.9 secure.gravatar.com (type 1) | ||
1609 | .br | ||
1610 | 11:32:08 9.9.9.9 taikai.network (type 1) | ||
1611 | .br | ||
1612 | 11:32:08 9.9.9.9 cdn.jsdelivr.net (type 1) | ||
1613 | .br | ||
1614 | 11:32:08 9.9.9.9 taikai.azureedge.net (type 1) | ||
1615 | .br | ||
1616 | 11:32:08 9.9.9.9 www.youtube.com (type 1) | ||
1617 | .br | ||
1618 | .TP | ||
1619 | \fB\-\-nettrace-sni[=name|pid] | ||
1620 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes | ||
1621 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
1622 | .br | ||
1623 | |||
1624 | .br | ||
1625 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
1626 | .br | ||
1627 | |||
1628 | .br | ||
1629 | $ sudo firejail --nettrace-sni=browser | ||
1630 | .br | ||
1631 | 07:49:51 23.185.0.3 linux.com | ||
1632 | .br | ||
1633 | 07:49:51 23.185.0.3 www.linux.com | ||
1634 | .br | ||
1635 | 07:50:05 192.0.73.2 secure.gravatar.com | ||
1636 | .br | ||
1637 | 07:52:35 172.67.68.93 www.howtoforge.com | ||
1638 | .br | ||
1639 | 07:52:37 13.225.103.59 sf.ezoiccdn.com | ||
1640 | .br | ||
1641 | 07:52:42 142.250.176.3 www.gstatic.com | ||
1642 | .br | ||
1643 | 07:53:03 173.236.250.32 www.linuxlinks.com | ||
1644 | .br | ||
1645 | 07:53:05 192.0.77.37 c0.wp.com | ||
1646 | .br | ||
1647 | 07:53:08 192.0.78.32 jetpack.wordpress.com | ||
1648 | .br | ||
1649 | 07:53:09 192.0.77.32 s0.wp.com | ||
1650 | .br | ||
1651 | 07:53:09 192.0.77.2 i0.wp.com | ||
1652 | .br | ||
1653 | 07:53:10 192.0.77.2 i0.wp.com | ||
1654 | .br | ||
1655 | 07:53:11 192.0.73.2 1.gravatar.com | ||
1656 | .br | ||
1583 | #endif | 1657 | #endif |
1584 | .TP | 1658 | .TP |
1585 | \fB\-\-nice=value | 1659 | \fB\-\-nice=value |