whitelist for domain names

Question

rusty-snake opened this issue 5 years ago · comments

A whitelist of allowed domain names would be very nice for use with single firejail sandboxes.

Example:

$ sudo fdns --proxy-addr=127.1.2.3 --wh-dn=mozilla.org --wh-dn=gmail.com
$ firejail --dns=127.1.2.3 thunderbird

Maybe it is better to put the whitelist in a file.

startx2017 · Answer 1 · Sat Mar 14 2020 06:09:38 GMT+0800 (China Standard Time)

Do you mean we should allow only the domains in the whitelist and drop all other? I would call it --whitelist:

--whitelist=domain
--whitelist-file=filename

rusty-snake · Answer 2 · Sat Mar 14 2020 16:28:19 GMT+0800 (China Standard Time)

Yes, only whitelisted domain names are resolved.

startx2017 · Answer 3 · Thu Apr 09 2020 01:10:54 GMT+0800 (China Standard Time)

--whitelist is done, I'll look into --whitelist-filename

netblue30 · Answer 4 · Fri May 15 2020 02:14:57 GMT+0800 (China Standard Time)

I have enabled the code from @startx2017 - yes, it was an AppArmor problem, we were blacklisting the user file!