Network bandwidth shaping, or traffic shaping, is widely used to make efficient use of available network bandwidth and to share it more fairly.
On a Linux desktop, the most common use of bandwidth shaping is fair bandwidth sharing among applications: imagine your torrent client eating all the download speed while you are browsing something important. For servers, it is a far more complex and important subject.
Firejail is certainly not the best tool for this purpose; there are other utilities such as iptables and tc with the token bucket filter. But why not use the handy firejail tool?
For newcomers, firejail is an extremely lightweight tool for isolating one or many applications from the rest of the system; put plainly, a sandbox application. Read more about sandboxing apps with firejail here. So using firejail for traffic shaping adds an extra layer of security. Let's start!
1. Start the applications with firejail
The first step is to launch one or more desired applications in a firejail sandbox environment with network handling capability. Use the --net= switch while launching the app, as in the examples below.
firejail --net=enp2s0 firefox
firejail --net=enp2s0 transmission-qt
Don't forget to use the correct interface name: replace enp2s0 with the one that matches your system, like eth0. Currently this works only on Ethernet and Wi-Fi network interfaces; it does not work on virtual interfaces like ppp0 and wwan0 for 3G/4G mobile broadband networks.
2. Get the PID of sandboxed applications
The next step is to get the PID, i.e. the process ID of the sandbox, not the PID of the application. It's fairly easy to get: run a few commands or use a GUI application like ksysguard or lxtask.
firejail --list | grep 'firefox' | awk -F: '{print$1}'
firejail --list | grep 'transmission-qt' | awk -F: '{print$1}'
3. Set the bandwidth limit per application
Finally, set the bandwidth limit for the desired application with the commands below, first the general procedure.
PID is the process ID of the sandbox, interface-name is the name of the interface on which you are going to shape the traffic, down-speed is the maximum download speed and up-speed is the maximum upload speed. Example below.
firejail --bandwidth=11372 set enp2s0 250 100
Just make sure you are using the correct PID of the sandbox.
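Steps 2 and 3 combined, as an added example that is not part of the original article: the plain grep in step 2 also matches user names and can return several PIDs, so this sketch matches the program name as a whole word and prints the --bandwidth command only when exactly one sandbox matches. The sample listing, the user names and the function names are constructed for illustration; speeds are in KB/s, per the firejail man page.

```sh
#!/bin/sh
# Constructed sample of `firejail --list` output (first field is the sandbox PID).
# A plain `grep firefox` would match both 11372 and 11801 (user name).
SAMPLE_LIST='11372:alice::firejail --net=enp2s0 firefox
11490:alice::firejail --net=enp2s0 transmission-qt
11801:firefox-user::firejail --net=enp2s0 smtube'

# sandbox_pids APP: read `firejail --list` output on stdin and print the PID of
# every sandbox whose command line contains APP as a whole word.
sandbox_pids() {
    awk -v app="$1" '{
        for (i = 2; i <= NF; i++)
            if ($i == app) { split($1, f, ":"); print f[1]; next }
    }'
}

# shape_cmd APP IFACE DOWN UP: print the firejail bandwidth command for APP,
# refusing to guess when zero or several sandboxes match.
shape_cmd() {
    app=$1; iface=$2; down=$3; up=$4
    for n in "$down" "$up"; do
        case "$n" in
            ''|*[!0-9]*) echo "speeds must be whole numbers (KB/s)" >&2; return 1 ;;
        esac
    done
    pids=$(sandbox_pids "$app")
    set -- $pids                      # one positional parameter per PID
    if [ "$#" -ne 1 ]; then
        echo "expected exactly one '$app' sandbox, found $#" >&2
        return 1
    fi
    echo "firejail --bandwidth=$1 set $iface $down $up"
}

# Demo on the constructed listing; on a real system pipe `firejail --list` in.
printf '%s\n' "$SAMPLE_LIST" | shape_cmd firefox enp2s0 250 100
```

The function only prints the command, so it can be reviewed before being run against the live sandbox.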
4. Some extra functionality with firejail
Firejail not only shapes traffic; it can also be used to set different DNS servers for different applications, a different default gateway, and so on.
To start an application with a different DNS server, look at the command below.
firejail --dns=208.67.222.222 --dns=208.67.222.220 firefox
The command above will start firefox with DNS servers 208.67.222.220 and 208.67.222.222 without changing the system-wide DNS server.
Use a different default gateway for different applications. Assume you want to run an application that can see only a specific network interface and a specific default gateway. For that, use the --net= and --defaultgw= command line switches.
firejail --net=wlp3s0 --defaultgw=192.168.1.1 smtube
The command above will launch SMTube, the Flash-free YouTube browser app, bound only to the Wi-Fi network interface, with default gateway 192.168.1.1.
Conclusion
So firejail is a pretty versatile tool for traffic shaping and other network-related hacks, and it's pretty straightforward too. If you have any suggestion or question, feel free to leave a comment; we'll be happy to hear from you. Also don't forget to share this with your friends.
Paulo Brito says
I need to try to install firejail (again), because the GUI wasn't active and also "all" of the functionality (apps) is disabled.
I'm talking about the ones I installed before and others after...
Right now I'm working with one "dirty" Mint (Linux Mint 18.3 Cinnamon 64-bit), but this problem wasn't properly or exclusively from this OS.
I have known firejail, or better, firetools, since xx/08/2016 and I'm, let's say, familiar with this tool; that's why I can confidently say amusing (tool) and use the word without doubts!
Even more: through this one (firejail) I solved different kinds of problems, including one very peculiar: replaced documents attached to emails (I never knew or ever heard anything associated, or have met someone who could say or has heard anything about this particular problem) inside one old mailbox I had. One important subject was treated in these emails... well, all of the attachments were replaced with others and the ones about it vanished.
So, I think for sure, I can use the adjective without any kind of doubt! Do you agree?
I think so!
... I have found the same problem in OSes like Ubuntu-Mate 16.04 LTS 64-bit, Kubuntu 16.04 LTS 64-bit and all versions of Mint 18.xx 64-bit. At least, because at this moment I can't precisely say others.
The "thing" they share is 64-bit. Let me explain: until last December x.386 OSes were, let's say, my world and I never found this problem. Since December I started to use and test different 64-bit distro models (trying to find one more safe and clean... right now CentOS, Fedora and [maybe] Red Hat (at this moment I can't prove this one) are too much infected by Microsoft).
And, asking your permission, let me advise you about the [never] open-source software provided by this madness: I was induced to install Visual Studio... People wrong mistake.
If you did or think of doing this... I just remind you of one thing: Microsoft never was, is, or intends to be a community or part of one!
If you have whatever from this $$$, uninstall their software and do a double check of your OS.
And if you find more bugs than usual, or also Trojans and dirty things, don't be surprised.
The $$$ are landing and they start to do what they knew and know very well, in other words: destroy, input rules, steal information, induce people into errors, etc., the usual!
They don't (as you know) quit easily and they will do whatever to stay alive; it doesn't matter how much it costs.
Something new?
OK! Thanks for your attention and also... So if you can help to solve this problem, I'll appreciate it.
P.B
Arnab Satapathi says
Hi Paulo, I truly appreciate your comment.
However, right now I'm unable to read your whole long comment (extremely detailed though) and leave any useful feedback.
Sorry about that.