Re: location based firewall



On Sat, 2011-03-05 at 10:52 +0100, Ma Begaj wrote:
> 2011/2/28 Matej Kovacic <matej kovacic owca info>:
> > Hi,
> >
> >> I have that setup. I solved it with scripts in
> >> /etc/NetworkManager/dispatcher.d/.
> > ...
> >> you find UUIDs on command line with "nmcli con".
> >
> >
> > That is very nice and opens possibilities for developing location based
> > firewalls. For instance, when I am at home, I want to have my samba
> > share open, but when I am on wireless connection, I want to have
> > everything closed.
> 
> 
> I have exactly that. I have a collection of scripts which do a similar
> thing with my setup:
> 
> Wireless connection to HOME is established:
> - start VPN connection to XXX
> - start SSH tunnels
> - open firewall for some external connections
> - rsync backup my /home folder with a server
> 
> And when wireless connection is gone ssh tunnels will be "killed",
> firewall closed, vpn stopped...

We've talked about this sort of vague plan in the past, tweaking the
firewall settings based on your location.  Obviously that doesn't work
so well for wired because you're never 100% sure what network you're
connected to, but for wifi if the AP requires a passphrase or is WPA
Enterprise, you're pretty sure you can trust your location.

The UUID goes a long way towards helping with this, but there are
fundamentally two approaches:  either we have some sort of NM plugin
manipulate the firewall, or we have the firewall listen to NM... either
is doable.

Dan
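
The dispatcher.d approach discussed in this thread, as an added example that is not code from any of the posters or from NetworkManager: a dispatcher script that opens Samba only when a trusted connection UUID comes up and fails closed otherwise. The file name, the UUID value, the TRUSTED_UUIDS and FW variables and the LOCATION-IN chain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher script, e.g. saved as
# /etc/NetworkManager/dispatcher.d/50-location-firewall (name is an assumption).
# NetworkManager runs it with $1 = interface, $2 = action, and sets
# CONNECTION_UUID in the environment.

# Constructed sample UUID; replace with the value "nmcli con" shows for the
# passphrase-protected home wifi profile.
TRUSTED_UUIDS="11111111-2222-3333-4444-555555555555"

# Dry run by default: the rules are only printed. Set FW=iptables to apply.
FW="${FW:-echo iptables}"
CHAIN="LOCATION-IN"   # hypothetical chain; INPUT must jump to it

# Pick a profile. Anything not explicitly trusted fails closed.
select_profile() {    # $1 = connection UUID, $2 = dispatcher action
    if [ "$2" = "up" ]; then
        for u in $TRUSTED_UUIDS; do
            if [ "$1" = "$u" ]; then echo trusted; return 0; fi
        done
    fi
    echo locked
}

# Print (or apply) the rules for one profile on one interface.
apply_profile() {     # $1 = profile, $2 = interface
    $FW -F "$CHAIN"
    if [ "$1" = "trusted" ]; then
        # Samba: NetBIOS name/datagram (UDP 137-138), session (TCP 139), SMB (TCP 445)
        $FW -A "$CHAIN" -i "$2" -p udp --dport 137:138 -j ACCEPT
        $FW -A "$CHAIN" -i "$2" -p tcp -m multiport --dports 139,445 -j ACCEPT
    fi
    # Locked profile: the chain stays empty, so INPUT's default policy decides.
}

# Only act when called the way the dispatcher calls it (interface, action).
if [ "$#" -ge 2 ]; then
    apply_profile "$(select_profile "${CONNECTION_UUID:-}" "$2")" "$1"
fi
```

NetworkManager only runs dispatcher scripts that are executable, owned by root and not writable by group or other.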



