Hey you beautiful privacy scoundrels! You magnificently private rascals and scamps!
I've used this tool for a long time. Well, I found something new and wanted to share.
Firejail is an easy single-shot sandboxer. It's easier than spinning up a whole ass VM. You can read about it if you wanna. What I wanted to share is the network part of it, which I never knew about before today!
There's an option called netlock. What it does is track any outgoing network IP the sandboxed app connects to for 60s. Then everything after that is blocked. It will print the block list it uses. You can edit it if you want, as a base, adding or removing addresses, w/e. When you are happy, you can save it and use it with the netfilter option.
It's great for, let's say, a podcast app that will connect to one or a few IPs but should not send anything anywhere else. Or even apps that should be 100% local, where you want to keep honest apps honest.
You can do all that with a VM too, by using firewalls and w/e. But this is handy for one-off uses, cases where you don't want a whole ass VM. If you trust an app not to be a trojan, but you don't totally trust where it might phone home to, you can make sure of what it's doing. Like blocking analytics, but allowing a legit network endpoint for functionality.
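The "edit the list as a base" step from the post, as an added example that is not part of the original post or of Firejail itself. It assumes the list netlock prints is in the iptables-save style that Firejail's netfilter option reads (the sample file below is constructed by hand, with documentation-range addresses, to look like such a list; the exact lines your Firejail version emits may differ), and it assumes the command-line spellings `--netlock` and `--netfilter=FILE` for the two options the post names. The helpers list the allowed destinations, add one, drop one (say, an analytics host), and check the file still has the framing a netfilter file needs before you hand it back to Firejail.

```shell
#!/bin/sh
# Constructed sample of a netlock-style allow list (iptables-save format,
# which Firejail's --netfilter option accepts). Addresses are made up.
SAMPLE_NET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d 203.0.113.10 -j ACCEPT
-A OUTPUT -d 198.51.100.7 -j ACCEPT
COMMIT'

# Print the destination addresses the filter lets the sandbox reach, one per line.
netfilter_allowed() {
    printf '%s\n' "$1" | sed -n 's/^-A OUTPUT -d \([0-9.]*\) -j ACCEPT$/\1/p'
}

# Print a copy of the filter with one more allowed destination, inserted before COMMIT.
netfilter_allow() {
    filter=$1; addr=$2
    printf '%s\n' "$filter" | awk -v rule="-A OUTPUT -d $addr -j ACCEPT" '
        /^COMMIT$/ { print rule }
        { print }'
}

# Print a copy of the filter with one destination removed (e.g. an analytics host).
netfilter_deny() {
    filter=$1; addr=$2
    printf '%s\n' "$filter" | grep -v -F -x -e "-A OUTPUT -d $addr -j ACCEPT"
}

# Check the file still has the table header, a default-DROP OUTPUT policy and COMMIT;
# without these the filter would either be rejected or silently allow everything.
netfilter_valid() {
    printf '%s\n' "$1" | grep -q -x '\*filter' &&
    printf '%s\n' "$1" | grep -q -x ':OUTPUT DROP \[0:0\]' &&
    printf '%s\n' "$1" | grep -q -x 'COMMIT'
}

# Worked run: allow one extra endpoint, drop one, and show the result.
EDITED=$(netfilter_allow "$SAMPLE_NET" 192.0.2.5)
EDITED=$(netfilter_deny "$EDITED" 203.0.113.10)
if netfilter_valid "$EDITED"; then
    printf 'allowed destinations after editing:\n'
    netfilter_allowed "$EDITED"
    # Assumed flag spellings; check `man firejail` on your version:
    #   firejail --netlock -- podcast-app        # learn for 60s, print the list
    #   (save the printed list to podcast.net, edit as above)
    #   firejail --netfilter=podcast.net -- podcast-app
fi
```

The listing helper only matches the plain `-A OUTPUT -d ADDR -j ACCEPT` shape, so any rule with extra matches (ports, interfaces) is deliberately left alone rather than half-parsed; check those by eye before trusting the list.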
Firejail is awesome, I love it on my desktop to sandbox games and browsers.
It’s basically an easier version of SELinux for end users.
You don't need it for Flatpaks; there you want to use Flatseal.
You also don't need it for Snaps, since you shouldn't use Snaps and should instead switch to a different distribution that is not Ubuntu. Try Debian or literally anything else without Snaps.
Oh and thank you for the netlock feature! Can you do more than 60s so you can click around and test more?