Re: location based firewall



Hi,

> change if you plug into a different subnet of the same router in the 
> same administrative domain (or it might not, depending on the model 
A solution could be to save ALL possible MAC addresses and associate them
with that network...

> Perhaps the key should be a combination of various parameters, such as
> subnet address/prefix length, gateway IP, and gateway MAC.

I think we are talking about two things here.

The first option is that the firewall is based on the connection UUID. That
means that when I use a specific connection, the firewall rules for that
connection are enforced.

The other option is to autodetect which network I am using. Something
like: I am connected to a router with MAC1, which means I must use the
firewall setting for that network.

For instance, if I am using "Auto eth0" that could be on my home network
or in a cybercafe - and I can use two different firewall scripts.

Which means there is another possibility - the user should have an option
so that NetworkManager automatically invokes a firewall script based on
predefined rules OR asks the user which firewall script it should invoke
(and proposes the best one).

Some paranoid setup should be like this... I have a very restrictive
default firewall, but when I connect to my home network, NM detects the MAC
address, router IP, etc. and then asks me whether I want to run firewall
script 2 or not (but I can disable this question, and then firewall script 2
is run automatically).

Regards,

Matej
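
The selection logic discussed in this message, as an added example that is not part of the original post and is not NetworkManager code: a network is recognised only when subnet, gateway IP and one of several stored gateway MACs all match (optionally pinned to a connection UUID), and anything else gets the restrictive default. The table format, the profile names, the function names and all sample values are hypothetical; the caller is assumed to supply the four observed values.

```shell
#!/bin/sh
# Constructed table: profile|connection UUID or *|subnet/prefix|gateway IP|gateway MACs
# Several MACs can be stored per network, comma-separated. All values are samples.
KNOWN_NETWORKS='
home|11111111-2222-3333-4444-555555555555|192.168.1.0/24|192.168.1.1|00:00:5e:00:53:01,00:00:5e:00:53:02
office|*|10.20.0.0/16|10.20.0.1|00:00:5e:00:53:10
'
DEFAULT_PROFILE="restrictive"   # used whenever the network is not fully recognised

# Lower-case a MAC (or a comma-separated list of MACs) and use ':' as separator.
normalize_mac() {
    printf '%s' "$1" | tr 'A-F-' 'a-f:'
}

# select_profile UUID SUBNET GATEWAY_IP GATEWAY_MAC
# Prints the profile whose every stored parameter matches, else the default.
# The body runs in a subshell so its variables do not leak into the caller.
select_profile() (
    uuid=$1 subnet=$2 gw_ip=$3
    gw_mac=$(normalize_mac "$4")
    # Treat a malformed MAC as unknown (this also stops ',' from spanning entries).
    case $gw_mac in *[!0-9a-f:]*) gw_mac='' ;; esac
    result=$DEFAULT_PROFILE
    while IFS='|' read -r profile k_uuid k_subnet k_gw k_macs; do
        [ -n "$gw_mac" ] || break          # no usable MAC: keep the default
        [ -n "$profile" ] || continue      # skip blank lines in the table
        [ "$k_uuid" = "*" ] || [ "$k_uuid" = "$uuid" ] || continue
        [ "$k_subnet" = "$subnet" ] || continue
        [ "$k_gw" = "$gw_ip" ] || continue
        case ",$(normalize_mac "$k_macs")," in
            *",$gw_mac,"*) result=$profile; break ;;
        esac
    done <<EOF
$KNOWN_NETWORKS
EOF
    printf '%s\n' "$result"
)
```

A caller would pass the printed profile name to whatever applies the matching firewall script, or show it to the user as the proposed choice.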

