Re: location based firewall

From: Dan Williams <dcbw redhat com>
To: Matej Kovacic <matej kovacic owca info>
Cc: networkmanager-list gnome org
Subject: Re: location based firewall
Date: Mon, 07 Mar 2011 11:15:17 -0600

On Sat, 2011-03-05 at 17:55 +0100, Matej Kovacic wrote:
> Hi,
> 
> > We've talked about this sort of vague plan in the past, tweaking the
> > firewall settings based on your location.  Obviously that doesn't work
> > so well for wired because you're never 100% what network you're
> > connected to, but for wifi if the AP requires a passphrase or is WPA
> > Enterprise, you're pretty sure you can trust your location.
> What about arp -a or nmap gateway IP?
> 
> > The UUID goes a long way towards helping with this, but there are
> > fundamentally two approaches:  either we have some sort of NM plugin
> > manipulate the firewall, or we have the firewall listen to NM... either
> > are doable.
> The second approach requires modification of a firewall: firewall must
> be "NetworkManager aware". That could be a problem, because NM and
> firewall development should be coordinated in some way (maybe harmonised
> is a better word).

This is true...  I think there's a great opportunity here to make
firewalls more network aware as we've all been discussing; we just need
to either think more about it, or jump in and start making things
happen...  any takers?  Same sort of thing with network proxies, which
clearly depend on the network you're connected to, which NM knows a lot
about.  I think they're pretty much the same problem and would have very
similar solutions.

Dan

Follow-Ups:
- Re: location based firewall
  - From: Matej Kovacic
- Re: location based firewall
  - From: Ludwig Nussel

References:
- Re: location based firewall
  - From: Ma Begaj
- Re: location based firewall
  - From: Dan Williams
- Re: location based firewall
  - From: Matej Kovacic

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]