Showing results for tags 'firejail'.
It seems I can't post in How To so I'll post here.

In this tutorial I will explain how to exclude individual programs while connected via the Eddie client and have the network lock active. I wanted to run Steam without VPN so my latency was low for some competitive gaming, while my whole system was still connected and locked.

For this to work we need firejail. Firejail can sandbox individual programs on its own with a lot of parameters. Install firejail first.

We want a clean firewall state, so disable network lock and flush the firewall. To check it's clean run:

    sudo iptables -nvL

If not clean run:

    sudo iptables --flush

Now we want to save this state to a file:

    sudo iptables-save -f /etc/firejail/iptables-save

You can now network lock again.

Make a bash script:

    #!/bin/bash
    firejail --noprofile \
      --net=your_main_ethernet_interface \
      --ip=ip_address_in_your_routers_subnet \
      --defaultgw=router_ip \
      --dns=dns_server_of_your_choice \
      --dns=dns_server_of_your_choice \
      --netfilter=/etc/firejail/iptables-save \
      program_you_want_to_run

Save it in /usr/bin/ and make it executable:

    chmod +x program

You can now run the bash script and your program will be excluded from the VPN and network lock. Check with firejail --top to see if it is "jailed".

You could also replace program_you_want_to_run with $1 and name the script novpn or so. This would make it a lot more versatile, as you can now pass an argument with the script like so:

    novpn firefox
    novpn thunderbird
    novpn steam-runtime

If you want to avoid a bash script and you want to directly run your program with firejail, follow along. This means if you run (in my case) steam-runtime directly, it will be firejailed. If you do this you can delete the above bash script you made.

    cp /usr/share/doc/firejail/profile.template ~/.config/firejail/

Rename it to your_program.template; your_program should match the executable name you want to run. In my case steam-runtime.

Edit the file and comment out every include you see, so everything is commented out. Then paste the text below as you see fit. Somewhere around the "net" stuff would be my choice.

    net your_main_ethernet_interface
    ip ip_address_in_your_routers_subnet
    defaultgw router_ip
    dns dns_server_of_your_choice
    dns dns_server_of_your_choice
    netfilter /etc/firejail/iptables-save

Make a symbolic link:

    sudo ln -s /usr/bin/firejail /usr/local/bin/your_program

And that's it. Every time you run your_program it will be firejailed and outside of the VPN. Check with firejail --top.
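As an added example (not the poster's script), here is a POSIX sh version of the novpn wrapper described above that refuses to start firejail unless the saved iptables state is genuinely clean. It assumes firejail is installed and that /etc/firejail/iptables-save was produced with iptables-save as the post describes; the NOVPN_* environment variables, the placeholder interface and addresses, and the dry-run switch are this example's own additions, not firejail options.

```shell
#!/bin/sh
# Added example, not the forum poster's script: a "novpn" wrapper that checks
# the saved netfilter file before handing it to firejail --netfilter.
# Assumes firejail is installed and /etc/firejail/iptables-save exists.
# The NOVPN_* variables and placeholder values are this example's own.

# Succeed (exit 0) only if the iptables-save dump on stdin contains no rules
# ("-A ..." lines) and no built-in chain with a DROP policy. "iptables --flush"
# removes rules but leaves chain policies alone, so a leftover DROP policy on
# OUTPUT would be imported into the sandbox and leave the program without network.
iptables_dump_is_clean() {
    ! grep -Eq '^-A |^:[A-Za-z0-9_-]+ DROP'
}

# Launch a program inside firejail on the physical interface, outside the VPN.
# Usage: novpn program [args...]
novpn() {
    nf=${NOVPN_NETFILTER:-/etc/firejail/iptables-save}
    iface=${NOVPN_IFACE:-eth0}          # placeholder: your main ethernet interface
    ip=${NOVPN_IP:-192.168.1.50}        # placeholder: free address in the router's subnet
    gw=${NOVPN_GW:-192.168.1.1}         # placeholder: router address
    dns=${NOVPN_DNS:-192.168.1.1}       # placeholder: resolver of your choice

    if [ "$#" -eq 0 ]; then
        echo "usage: novpn program [args...]" >&2
        return 2
    fi
    if [ ! -r "$nf" ]; then
        echo "novpn: netfilter file $nf is missing or unreadable" >&2
        return 2
    fi
    if ! iptables_dump_is_clean < "$nf"; then
        echo "novpn: refusing to start, $nf still contains rules or a DROP policy" >&2
        return 3
    fi

    # Same command line as the post's script, with the program passed as arguments.
    set -- firejail --noprofile --net="$iface" --ip="$ip" --defaultgw="$gw" \
        --dns="$dns" --netfilter="$nf" "$@"
    if [ -n "$NOVPN_DRY_RUN" ]; then
        printf '%s\n' "$*"              # show the command instead of running it
    else
        exec "$@"
    fi
}
```

Save the file, set the NOVPN_* variables for your network, and call it as `novpn steam-runtime`; with NOVPN_DRY_RUN=1 it prints the firejail command instead of executing it, which is handy for checking the placeholders before the first real run. The clean-state check is the part worth keeping even if you drop the rest: the netfilter file becomes the sandbox's entire firewall, so anything left in it, whether lock rules or a DROP policy, is what the jailed program will live under.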
Hi,

My operating system is Antix v.17, 32 bit (a lightweight Debian Stretch based distro, with no systemd). For network managers, I have ceni and wicd. Firefox and Thunderbird are my primary internet applications. The system works very nicely, and will connect directly, or via AirVPN (using Eddie v.2.16.3). It also works well with the Windscribe cli application for Debian Linux.

However, not long ago, I installed firejail (v.0.9.60) and apparmor. My practice is to run Firefox and Thunderbird in separate firejails. However, when either VPN (AirVPN or Windscribe) is active, there is no internet connection to either firejailed program. (Only one instance of Firefox runs at a time, either inside or outside of firejail.)

I visited the firejail github support site. Apparently, there are ways to make firejail work with a VPN, but it's a bit confusing to me. I am relatively new to Linux... beginning to find my way around. But I have very limited understanding about network routing and configuration.

I have also experimented with a couple of other openvpn VPN providers (both with Eddie v.2.18.7 and with direct openvpn connection). One of those services appears to form a tunnel, but the browser (not in firejail) did not find and use the new IP. At this point, I'll stick with AirVPN (and Windscribe, if I really need a server in a country that Air doesn't cover).

Can you steer me in the right direction? Your help will be much appreciated!