From a8abd88081fabbc9590dd33d413cd0a0641ef642 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 6 Jul 2018 09:34:52 -0400
Subject: --netmask option

---
 src/man/firejail.txt | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

(limited to 'src/man/firejail.txt')

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index d527c05d8..24d4bbd8c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -823,11 +823,6 @@ $ firejail \-\-net=none vlc
 Note: \-\-net=none can crash the application on some platforms.
 In these cases, it can be replaced with \-\-protocol=unix.
 
-.TP
-\fB\-\-netns=name
-Run the program in a named, persistent network namespace.  These can
-be created and configured using "ip netns".
-
 .TP
 \fB\-\-netfilter
 Enable a default firewall if a new network namespace is created inside the sandbox.
@@ -954,6 +949,26 @@ $ firejail --name=browser --net=eth0 --netfilter firefox &
 .br
 $ firejail --netfilter6.print=browser
 
+.TP
+\fB\-\-netmask=address
+Use this option when you want to assign an IP address in a new namespace and
+the parent interface specified by --net is not configured. An IP address and
+a default gateway address also have to be added. By default the new namespace
+interface comes without IP address and default gateway configured. Example:
+.br
+
+.br
+$ sudo /sbin/brctl addbr br0
+.br
+$ sudo /sbin/ifconfig br0 up
+.br
+$ firejail --ip=10.10.20.67 --netmask=255.255.255.0 --defaultgw=10.10.20.1
+
+.TP
+\fB\-\-netns=name
+Run the program in a named, persistent network namespace.  These can
+be created and configured using "ip netns".
+
 .TP
 \fB\-\-netstats
 Monitor network namespace statistics, see \fBMONITORING\fR section for more details.
-- 
cgit v1.2.3-54-g00ecf