Re: location based firewall



On Sat, Mar 05, 2011 at 05:55:54PM +0100, Matej Kovacic wrote:
> Hi,
> 
> > We've talked about this sort of vague plan in the past, tweaking the
> > firewall settings based on your location.  Obviously that doesn't work
> > so well for wired because you're never 100% what network you're
> > connected to, but for wifi if the AP requires a passphrase or is WPA
> > Enterprise, you're pretty sure you can trust your location.
> What about arp -a or nmap gateway IP?

Using the MAC address of the gateway as discovered by ARP seems 
reasonable, but nmapping the gateway IP is not.  I will ban any device 
on my network that scans the router.

Keep in mind though that sometimes the MAC address might change...like 
various redundancy setups, hardware replacement, etc.  It might also 
change if you plug into a different subnet of the same router in the 
same administrative domain (or it might not, depending on the model 
and configuration of the router(s)).  That could be useful or not 
depending on your perspective.  I suppose that would happen 
infrequently enough that the MAC address is "good enough" for a stable 
LAN identifier.  Ideally, the user should be able to pick a location 
such that they could associate the same location with the various 
subnets and/or WiFi SSIDs they connect to that are part of the same 
administrative domain.
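
The lookup discussed in this message, as an added example that is not part of the original post or of any project's code: it finds the default gateway's MAC from the kernel routing and ARP tables without sending any probe, then maps it to a user-chosen location that may cover several gateways. The Linux `/proc/net/route` and `/proc/net/arp` layouts are assumed; the sample tables, MAC addresses, location names and the `untrusted` fallback are constructed for illustration.

```python
import socket
import struct

# Constructed samples in the layout of Linux /proc/net/route and /proc/net/arp.
SAMPLE_ROUTE = """Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
wlan0 00000000    0101A8C0 0003  0      0   600    00000000 0   0      0
wlan0 0001A8C0    00000000 0001  0      0   600    00FFFFFF 0   0      0
"""
SAMPLE_ARP = """IP address    HW type  Flags  HW address         Mask  Device
192.168.1.1   0x1      0x2    00:11:22:33:44:55  *     wlan0
192.168.1.20  0x1      0x2    66:77:88:99:AA:BB  *     wlan0
"""

# Hypothetical user-defined locations. One location can list several gateway
# MACs (redundant routers, replaced hardware, other subnets of the same domain).
LOCATIONS = {
    "office": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    "home": {"de:ad:be:ef:00:01"},
}

def default_gateway(route_text):
    """Return (iface, gateway_ip) for the default route, or None."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        # Destination 0.0.0.0 with RTF_GATEWAY (0x2) set marks the default route.
        if len(f) >= 4 and f[1] == "00000000" and int(f[3], 16) & 0x2:
            # The kernel prints the address as little-endian hex.
            return f[0], socket.inet_ntoa(struct.pack("<L", int(f[2], 16)))
    return None

def gateway_mac(arp_text, iface, gw_ip):
    """Return the gateway's MAC from a completed ARP entry, or None."""
    for line in arp_text.splitlines()[1:]:
        f = line.split()
        # Flag 0x2 (ATF_COM) means the entry has actually been resolved.
        if len(f) >= 6 and f[0] == gw_ip and f[5] == iface and int(f[2], 16) & 0x2:
            return f[3].lower()
    return None

def locate(route_text, arp_text, locations=LOCATIONS):
    """Map the current gateway MAC to a location; unknown networks are untrusted."""
    gw = default_gateway(route_text)
    mac = gateway_mac(arp_text, *gw) if gw else None
    for name, macs in locations.items():
        if mac in macs:
            return name
    return "untrusted"

if __name__ == "__main__":
    print(locate(SAMPLE_ROUTE, SAMPLE_ARP))
```

On a live Linux host, pass the contents of `/proc/net/route` and `/proc/net/arp` instead of the samples. ARP replies are unauthenticated, so a match is a hint for choosing a firewall profile rather than proof of location.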

