From 8cbeea768037d6ec4dded7396734c9afdecadb0d Mon Sep 17 00:00:00 2001 From: avoidr Date: Wed, 6 Apr 2016 23:22:04 +0200 Subject: firejail-profile.txt: add --net --- src/man/firejail-profile.txt | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b135ee615..ddfae5948 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -295,11 +295,31 @@ If a new network namespace is created, enabled default network filter. \fBnetfilter filename If a new network namespace is created, enabled the network filter in filename. +.TP +\fBnet bridge_interface +Enable a new network namespace and connect it to this bridge interface. +Unless specified with option \-\-ip and \-\-defaultgw, an IP address and a default gateway will be assigned +automatically to the sandbox. The IP address is verified using ARP before assignment. The address +configured as default gateway is the bridge device IP address. Up to four \-\-net +bridge devices can be defined. Mixing bridge and macvlan devices is allowed. + +.TP +\fBnet ethernet_interface +Enable a new network namespace and connect it +to this ethernet interface using the standard Linux macvlan +driver. Unless specified with option \-\-ip and \-\-defaultgw, an +IP address and a default gateway will be assigned automatically +to the sandbox. The IP address is verified using ARP before +assignment. The address configured as default gateway is the +default gateway of the host. Up to four \-\-net devices can +be defined. Mixing bridge and macvlan devices is allowed. +Note: wlan devices are not supported for this option. + .TP \fBnet none -Enable a new, unconnected network namespace. The only interface +Enable a new, unconnected network namespace. The only interface available in the new namespace is a new loopback interface (lo). -Use this option to deny network access to programs that don't +Use this option to deny network access to programs that don't really need network access. .TP -- cgit v1.2.3-54-g00ecf