Firejail: Difference between revisions
imported>Onny Add info about Firejail module |
imported>Onny Add Tor routing example |
||
| Line 47: | Line 47: | ||
firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox | firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Tips & tricks == | |||
=== Torify application traffic === | |||
The following example configuration creates a virtual network bridge which can be used in Firejail as an isolated network namespace. All traffic originating from this interface will be routed through a local [[Tor]] service which will therefore anonymize your internet traffic. | |||
<syntaxhighlight lang="nix"> | |||
tor = { | |||
enable = true; | |||
openFirewall = true; | |||
settings = { | |||
TransPort = [ 9040 ]; | |||
DNSPort = 5353; | |||
VirtualAddrNetworkIPv4 = "172.30.0.0/16"; | |||
}; | |||
}; | |||
networking.bridges."tornet" = { | |||
interfaces = []; | |||
}; | |||
networking.interfaces.tornet.ipv4.addresses = [{ | |||
address = "10.100.100.1"; | |||
prefixLength = 24; | |||
}]; | |||
</syntaxhighlight> | |||
Run your preferred application inside the isolated Tor network | |||
<syntaxhighlight lang="bash"> | |||
firejail --net tornet --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox | |||
</syntaxhighlight> | |||
Please note that this is a experimental setup which doesn't guarantee anonymity or security in any circumstances. | |||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Security]] | [[Category:Security]] | ||