From 340a6b2eeb010367180e530af976810c9d762580 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Thu, 28 Jul 2016 10:54:05 -0400
Subject: added netfilter-default config option in
 /etc/firejail/firejail.config

---
 etc/firejail.config | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'etc/firejail.config')

diff --git a/etc/firejail.config b/etc/firejail.config
index 59bbd77a5..20c4d7a5f 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -27,6 +27,13 @@
 # --netfilter only to root user. Regular users are only allowed --net=none.
 # restricted-network no
 
+# Change default netfilter configuration. When using --netfilter option without
+# a file argument, the default filter is hardcoded (see man 1 firejail). This
+# configuration entry allows the user to change the default by specifying
+# a file containing the filter configuration. The filter file format is the
+# format of  iptables-save  and iptable-restore commands. Example:
+# netfilter-default /etc/iptables.iptables.rules
+
 # Enable or disable seccomp support, default enabled.
 # seccomp yes
 
-- 
cgit v1.2.3-70-g09d2