From 261d08d394559a05d804a76e52183f6e26d871f5 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 11 Jul 2018 06:42:59 -0400 Subject: tunneling support - tap interface in --net option --- src/man/firejail-profile.txt | 13 ++++++++++--- src/man/firejail.txt | 14 ++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'src/man') diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 767cf89f4..e29cf4f4b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -589,16 +589,23 @@ configured as default gateway is the bridge device IP address. Up to four \-\-ne bridge devices can be defined. Mixing bridge and macvlan devices is allowed. .TP -\fBnet ethernet_interface +\fBnet ethernet_interface|wireless_interface Enable a new network namespace and connect it -to this ethernet interface using the standard Linux macvlan +to this ethernet interface using the standard Linux macvlan or ipvlan driver. Unless specified with option \-\-ip and \-\-defaultgw, an IP address and a default gateway will be assigned automatically to the sandbox. The IP address is verified using ARP before assignment. The address configured as default gateway is the default gateway of the host. Up to four \-\-net devices can be defined. Mixing bridge and macvlan devices is allowed. -Note: wlan devices are not supported for this option. + +.TP +\fBnet tap_interface +Enable a new network namespace and connect it +to this ethernet tap interface using the standard Linux macvlan +driver. If the tap interface is not configured, the sandbox +will not try to configure the interface inside the sandbox. +Please use ip, netmask and defaultgw to specify the configuration. .TP \fBnet none diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 74a9a9da9..f29d9cddf 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt 
@@ -815,6 +815,20 @@ $ firejail \-\-net=eth0 \-\-ip=192.168.1.80 \-\-dns=8.8.8.8 firefox .br $ firejail \-\-net=wlan0 firefox +.TP +\fB\-\-net=tap_interface +Enable a new network namespace and connect it +to this ethernet tap interface using the standard Linux macvlan +driver. If the tap interface is not configured, the sandbox +will not try to configure the interface inside the sandbox. +Please use \-\-ip, \-\-netmask and \-\-defaultgw to specify the configuration. +.br + +.br +Example: +.br +$ firejail \-\-net=tap0 \-\-ip=10.10.20.80 \-\-netmask=255.255.255.0 \-\-defaultgw=10.10.20.1 firefox + .TP \fB\-\-net=none Enable a new, unconnected network namespace. The only interface -- cgit v1.2.3-70-g09d2
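Review bot: In the src/man/firejail-profile.txt hunk, the heading now reads "net ethernet_interface|wireless_interface" and the driver sentence gains "or ipvlan", but the body still says "connect it to this ethernet interface" and "Mixing bridge and macvlan devices is allowed", and nothing states which driver is used for which interface type. Because the line "Note: wlan devices are not supported for this option." is removed here, the entry should say explicitly how wireless interfaces are handled and whether the automatic address assignment and ARP check described in the same paragraph also apply to them.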
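Review bot: In the src/man/firejail.txt hunk, the sentence "If the tap interface is not configured, the sandbox will not try to configure the interface inside the sandbox." does not say what "configured" refers to (the tap device on the host, or the options passed to firejail), so a reader cannot tell in which case the sandbox comes up without an address. Suggest stating the condition directly, saying whether --ip, --netmask and --defaultgw are required for a tap interface, and saying whether the ARP verification that the profile page describes for "net ethernet_interface" is performed for tap. The same wording is added under "net tap_interface" in firejail-profile.txt and needs the same change.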