Re: location based firewall
- From: Ludwig Nussel <ludwig nussel suse de>
- To: networkmanager-list gnome org
- Subject: Re: location based firewall
- Date: Tue, 8 Mar 2011 13:52:36 +0100
Dan Williams wrote:
> On Sat, 2011-03-05 at 17:55 +0100, Matej Kovacic wrote:
> > > We've talked about this sort of vague plan in the past, tweaking the
> > > firewall settings based on your location. Obviously that doesn't work
> > > so well for wired because you're never 100% what network you're
> > > connected to, but for wifi if the AP requires a passphrase or is WPA
> > > Enterprise, you're pretty sure you can trust your location.
> > What about arp -a or nmap gateway IP?
> >
> > > The UUID goes a long way towards helping with this, but there are
> > > fundamentally two approaches: either we have some sort of NM plugin
> > > manipulate the firewall, or we have the firewall listen to NM... either
> > > are doable.
> > The second approach requires modification of a firewall: firewall must
> > be "NetworkManager aware". That could be a problem, because NM and
> > firewall development should be coordinated in some way (maybe harmonised
> > is a better word).
>
> This is true... I think there's a great opportunity here to make
> firewalls more network aware as we've all been discussing; we just need
> to either think more about it, or jump in and start making things
> happen... any takers?
PoC:
http://lizards.opensuse.org/2009/07/10/1453/
http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/
http://www.gitorious.org/opensuse/fwzs
What's missing is to listen for NM dbus events to automatically
switch zones. Last time I checked it wasn't straightforward (at
least to me for an afternoon hack) to get the necessary information
from NM.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
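
The zone decision discussed in this thread, as an added example that is not part of the original message and is not fwzs code: it covers only the step a D-Bus listener would call once a connection activates, and it falls back to the untrusted zone whenever the location cannot be trusted. The zone names, the UUID table and the sample profiles are hypothetical; the settings keys follow the nested dictionary NetworkManager uses for a connection profile.

```python
# Added example: pick a firewall zone from a NetworkManager connection profile.
# Zone names and the UUID table are hypothetical; sample profiles are constructed.

UNTRUSTED_ZONE = "external"

# UUIDs the user has explicitly mapped to a zone (constructed values).
UUID_ZONES = {
    "11111111-2222-3333-4444-555555555555": "internal",  # home wifi
    "99999999-8888-7777-6666-555555555555": "internal",  # wired profile
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee": "internal",  # open hotspot
}

# Only wifi that needs a passphrase or WPA Enterprise credentials is trusted.
AUTHENTICATED_KEY_MGMT = {"wpa-psk", "wpa-eap"}


def zone_for_connection(settings, uuid_zones=UUID_ZONES):
    """Return the zone for an activated profile; anything uncertain is untrusted."""
    conn = settings.get("connection", {})
    zone = uuid_zones.get(conn.get("uuid"))
    if zone is None:
        return UNTRUSTED_ZONE  # unknown profile
    if conn.get("type") != "802-11-wireless":
        return UNTRUSTED_ZONE  # wired: no proof of which network this is
    security = settings.get("802-11-wireless-security", {})
    if security.get("key-mgmt") not in AUTHENTICATED_KEY_MGMT:
        return UNTRUSTED_ZONE  # open or WEP-style AP: the name can be spoofed
    return zone


def profile(uuid, ctype, key_mgmt=None):
    """Build a constructed profile in the shape of NM connection settings."""
    settings = {"connection": {"uuid": uuid, "type": ctype}}
    if key_mgmt is not None:
        settings["802-11-wireless-security"] = {"key-mgmt": key_mgmt}
    return settings


HOME_WIFI = profile("11111111-2222-3333-4444-555555555555", "802-11-wireless", "wpa-psk")
WIRED = profile("99999999-8888-7777-6666-555555555555", "802-3-ethernet")
OPEN_HOTSPOT = profile("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "802-11-wireless")
UNKNOWN_WIFI = profile("00000000-0000-0000-0000-000000000000", "802-11-wireless", "wpa-psk")

if __name__ == "__main__":
    for name in ("HOME_WIFI", "WIRED", "OPEN_HOTSPOT", "UNKNOWN_WIFI"):
        print(name, "->", zone_for_connection(globals()[name]))
```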