Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 59dc5d310..4cbe7f13d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1458,17 +1458,19 @@ $ firejail --name=browser --net=eth0 --netfilter firefox & | |||
1458 | $ firejail --netfilter6.print=browser | 1458 | $ firejail --netfilter6.print=browser |
1459 | 1459 | ||
1460 | .TP | 1460 | .TP |
1461 | \fB\-\-netlock=name/pid | 1461 | \fB\-\-netlock |
1462 | Several type of programs (email clients, multiplayer games etc.) talk to a very small | 1462 | Several type of programs (email clients, multiplayer games etc.) talk to a very small |
1463 | number of IP addresses. But the best example is tor browser. It only talks to a guard node, | 1463 | number of IP addresses. But the best example is tor browser. It only talks to a guard node, |
1464 | and there are two or three more on standby in case the main one fails. | 1464 | and there are two or three more on standby in case the main one fails. |
1465 | During startup, the browser contacts all of them, after that it keeps talking to the main | 1465 | During startup, the browser contacts all of them, after that it keeps talking to the main |
1466 | one... for weeks! | 1466 | one... for weeks! |
1467 | 1467 | ||
1468 | Use the network locking feature to build and deploy a network firewall in your sandbox. | 1468 | Use the network locking feature to build and deploy a custom network firewall in your sandbox. |
1469 | The firewall allows only the network traffic to the IP addresses detected during the program | 1469 | The firewall allows only the traffic to the IP addresses detected during the program |
1470 | startup. Traffic to any other address is quietly dropped. By default the startup monitoring | 1470 | startup. Traffic to any other address is quietly dropped. By default the network monitoring |
1471 | time is one minute. Example: | 1471 | time is one minute. |
1472 | |||
1473 | A network namespace (\-\-net=eth0) is required for this feature to work. Example: | ||
1472 | .br | 1474 | .br |
1473 | 1475 | ||
1474 | .br | 1476 | .br |
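Review bot: The new line 1473 states that a network namespace is required but does not say what happens when \-\-netlock is given without one. Since the firewall is the entire protection this option offers, the text should say whether firejail exits with an error or starts the sandbox unfiltered. The same line reads as if eth0 were the required value; wording such as "A network namespace (for example \-\-net=eth0) is required" would avoid that. On new line 1470, "By default the network monitoring time is one minute" implies the time can be changed, but with the option now taking no argument nothing in this hunk says how; either name the setting or drop "By default". The unchanged context line 1462 still reads "Several type of programs", which could be corrected to "Several types of programs" while this paragraph is being touched.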