netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Can we force ipvlan for network? #6397

Open Quackdoc opened 2 months ago

Quackdoc commented 2 months ago

Is your feature request related to a problem? Please describe.

Currently it seems like firejail will always use macvlan for Ethernet and ipvlan for Wi-Fi. macvlan has an unfortunate side effect for network administrators of spamming "new devices" due to the MAC address. ipvlan, due to sharing the MAC address with the main NIC, does not have this issue.

This can also potentially be an issue on networks that perform MAC address whitelisting.

Describe the solution you'd like

Be able to force firejail to use ipvlan so as not to create issues for a network admin.

Describe alternatives you've considered

I'm not sure if there is a viable alternative with Linux.

drwankingstein commented 1 month ago

Strongly asking for this as well. I recently got a new router which sends notifications when new devices join, which I thought would be great, until I checked and found out I had 124 new device notifications.

osevan commented 1 month ago

https://ostechnix.com/configure-vlan-tagging-in-linux/

VLAN is separated and layer 2 and very cheap for the kernel.

We can start network apps like Firefox or torrent clients in separated VLAN IDs.

I hope someone on the dev team can try this.