From 314dde5d94b0c14dd5bb8a3eda1435b64e007a4b Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 9 Jan 2019 08:26:46 -0500
Subject: fix netfilter-default functionality in /etc/firejail/firejail.config
---
src/firejail/netfilter.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ed2d019ab..22c8392a0 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
 if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
 errExit("set_perms");
- if (fname == NULL)
- sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+ if (fname == NULL) {
+ if (netfilter_default)
+ sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
+ else
+ sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+ }
 else
 sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
--
cgit v1.2.3-54-g00ecf
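Review bot: In the new `fname == NULL` branch, `netfilter_default` is passed to fnetfilter after only a non-NULL test, and the result of `sbox_run` (if it returns one) is not checked in any of the three calls. From this hunk it cannot be seen what happens when the path configured in firejail.config is empty, missing, or unreadable to the helper, which runs with `SBOX_USER`. If a failed load would leave the sandbox running without the configured rules, that case should fail closed; it is worth confirming in fnetfilter or checking the file before the call. The three near-identical calls could also be reduced by picking the file first, `const char *filter = fname ? fname : netfilter_default;`, and then branching once on `filter`. The body of netfilter() begins and ends outside the hunk, so any validation done elsewhere in the function is not visible here.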