diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index ed2d019ab..22c8392a0 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -69,8 +69,12 @@ void netfilter(const char *fname) {
 if (set_perms(SBOX_STDIN_FILE, getuid(), getgid(), 0644))
 errExit("set_perms");
- if (fname == NULL)
- sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+ if (fname == NULL) {
+ if (netfilter_default)
+ sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, netfilter_default, SBOX_STDIN_FILE);
+ else
+ sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FNETFILTER, SBOX_STDIN_FILE);
+ }
 else
 sbox_run(SBOX_USER| SBOX_CAPS_NONE | SBOX_SECCOMP, 3, PATH_FNETFILTER, fname, SBOX_STDIN_FILE);
diff --git a/status b/status
index 84ec18951..fb8d548b7 100644
--- a/status
+++ b/status
@@ -1,5 +1,9 @@
-2019: Jan 2
-done: Correctly set address length in arp frames
+
+Jan 9: fix netfilter-default functionality in /etc/firejail/firejail.config
+Jan 8: test caps join
+Jan 8: testing seccomp/join
+Jan 8: fix join/seccomp #2296
+Jan 2: Correctly set address length in arp frames
 Nov 6: mainline merge
 done: removed transfer.sh support from travis build
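Review bot: In the netfilter.c hunk the three `sbox_run` calls differ only in whether a filter path is passed, and the braced `if (fname == NULL) { ... }` followed by an unbraced `else` is easy to misread when the filter-selection logic is next touched. Choosing the path once, `const char *filter = fname ? fname : netfilter_default;`, leaves a single `if (filter)` / `else` pair, and the 3-argument call then takes `filter` in place of `fname`. `netfilter_default` is declared outside this hunk and, going by the status entry, is read from /etc/firejail/firejail.config; a short comment here stating that it is an administrator-supplied path and that an explicit `fname` takes precedence over it would help. Whether a missing or unreadable default file aborts sandbox setup or leaves the sandbox running without the intended filter is decided by code outside this hunk (netfilter()'s body continues past it), so it is worth confirming that this path fails closed.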