Re: three privacy questions
- From: "Etienne Zind" <etienne zind gmail com>
- To: networkmanager-list gnome org
- Subject: Re: three privacy questions
- Date: Sat, 20 Dec 2008 08:16:04 +0800
2008/12/20 Dan Williams <dcbw redhat com>:
>> The same should happen when VPN connection drops. Now I am using VPN
>> connection on a public WiFi and if VPN drops, there is fallback to
>> insecure open Wifi. If I do not notice that, I am using insecure
>> network, which is really bad...
>
> If the VPN is tied to the device connection, the VPN would get
> re-started automatically if that 'Connect automatically' option was
> checked. I don't think there's yet a good way to block internet traffic
> until the VPN is up (though some iptables magic might allow that, but it
> would be tricky), but if we can't do that, some traffic could escape
> outside the VPN while it was down. I don't think we should tear down
> the *entire* connection, because it takes a long time to reconnect a
> device connection in some cases. So the ideal solution here would be
> iptables blockage of any traffic out of the device (except VPN traffic
> of course) until the VPN was back up.
As iproute is already heavily used in NM, the blocking might be done
with `ip rule` or `ip route` that can do `reject`, `unreachable` and
`prohibit` simulation.
$ ip rule add from all unreachable
or
$ ip route add unreachable default
Should do the trick.
--
Regards,
Etienne Zind
------------------------
The motive for DRM schemes is to increase profits for those who impose
them, but their profit is a side issue when millions of people's
freedom is at stake; desire for profit, though not wrong in itself,
cannot justify denying the public control over its technology.
Defending freedom means thwarting DRM.
Dr. Richard M. Stallman
http://www.gnu.org/philosophy/
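
Added example, not part of the original message and not NetworkManager code: one way to combine the `ip rule ... unreachable` idea above with an exemption for the VPN's own traffic, so that packets are rejected whenever the tunnel route is absent. The table number, rule priorities, device name and addresses are assumptions chosen for illustration; it covers IPv4 only and prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# VPN kill switch built from policy routing (IPv4 only).
# Table number, priorities, device and address are constructed sample values.

VPN_TABLE=51        # hypothetical table holding only the tunnel default route
PRIO_ENDPOINT=100   # VPN server itself may use the physical link
PRIO_TUNNEL=110     # everything else is looked up in the tunnel table
PRIO_BLOCK=120      # whatever is left is rejected

# Dry run by default: print the command. APPLY=1 (as root) executes it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

killswitch_up() {   # usage: killswitch_up VPN_SERVER_IP
    is_ipv4 "$1" || { echo "invalid VPN server address: $1" >&2; return 1; }
    # 1. Encrypted packets to the VPN server keep using the main table.
    run ip rule add priority "$PRIO_ENDPOINT" to "$1/32" lookup main
    # 2. All other traffic consults the tunnel table first.
    run ip rule add priority "$PRIO_TUNNEL" from all lookup "$VPN_TABLE"
    # 3. If that table has no route (VPN down), the lookup falls through to
    #    this rule and fails with "network unreachable" before the main
    #    table is ever consulted.
    run ip rule add priority "$PRIO_BLOCK" from all unreachable
}

tunnel_up() {       # usage: tunnel_up TUN_DEVICE  (call from the VPN up hook)
    # The kernel drops this route by itself when the tunnel device goes away.
    run ip route replace default dev "$1" table "$VPN_TABLE"
}

killswitch_down() {
    for prio in "$PRIO_ENDPOINT" "$PRIO_TUNNEL" "$PRIO_BLOCK"; do
        run ip rule del priority "$prio"
    done
    run ip route flush table "$VPN_TABLE"
}

# Dry-run demo with constructed values (203.0.113.10 is a documentation address).
killswitch_up 203.0.113.10
tunnel_up tun0
```

Destinations on the local network are blocked as well, because the main table is only consulted for the VPN server address; IPv6 needs the same rules added with `ip -6`.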