A secure browser launcher using Firejail for maximum isolation and privacy.
- Ultra-secure profile - Drops all capabilities, enables seccomp, isolates filesystem
- Network filtering - Only allows DNS (53), HTTP (80), and HTTPS (443)
- Privacy hardening - Blocks camera, microphone, USB, and input devices
- Auto-redirect resolution - Follows URL redirects before opening
- Clean output - Suppresses Firejail/GTK warnings (use
-vfor debug)
- Linux with Firejail installed
- Firefox browser
- curl (for redirect resolution)
# Ubuntu/Debian
sudo apt install firejail firefox curl
# Arch Linux
sudo pacman -S firejail firefox curlgit clone https://github.com/thiago-damasio/firejail-sandbox.git
cd firejail-sandbox
chmod +x sandbox_browser.sh# Basic usage
./sandbox_browser.sh https://example.com
# Verbose mode (shows all Firejail output)
./sandbox_browser.sh -v https://example.com
./sandbox_browser.sh --verbose https://example.com| Feature | Description |
|---|---|
private |
Private home directory (empty) |
private-dev |
Minimal /dev with no real devices |
private-tmp |
Private /tmp directory |
caps.drop all |
Drops all Linux capabilities |
seccomp |
System call filtering |
x11 none |
No X11 access |
dbus-* none |
No D-Bus access |
novideo |
No webcam access |
nosound |
No audio access |
- π« Home directory access
- π« USB devices
- π« Camera and microphone
- π« System logs
- π« Non-HTTP/HTTPS network traffic
- π« D-Bus communication
On first run, the script creates:
/etc/firejail/firefox-ultra.profile- Ultra-secure Firefox profile/etc/firejail/whitelist-minimal-http.inc- Network filtering rules
MIT License - Use at your own risk.
Pull requests welcome! Please test thoroughly before submitting.