Re: Disable autoconnect for new wifi connections by default

[Dan Williams <dcbw redhat com>]

On Sat, 2017-01-28 at 17:29 +0100, Marcin Zajączkowski wrote:
> Hi,
>
> I would like to disable autoconnect for new wifi connections by
> default.
> I prefer to control when my device is connected to public/shared wifi
> which identity cannot be determined ultimately (aka fake networks
> with
> well known ssid).

NM will never connect to a network that you have not at least once
connected to.  So if you never pick the network from the menu, NM will
never automatically connect to it.

There is also a list of common SSIDs that users never change, and when
NM first connects to that AP (if the GUI/CLI client uses
AddAndActivateConnection) NM will automatically lock the connection to
that single BSSID so that it never connects to a different "linksys" AP
randomly.  See is_manf_default_ssid().

Lastly, as an admin you can use PolicyKit permissions to restrict the
ability of users to connect to new APs, so that they can only connect
to a specific list of pre-defined networks that you have specified.

So there are many layers that attempt to prevent automatic connections
to networks you may not intend.

Perhaps we just need to add more networks to the "fake network" list? 
Or is one of these other mechanisms not working the way you intend?

But as has also been suggested, adding defaults for autoconnect might
be another layer of protection as well.

Dan

> I know I can do it manually via UI or nmcli, but I would prefer to
> configure it once (in the way as cloned-mac-address in global
> configuration) and only enable autoconnect for well know (and
> properly
> configured - with certificates) networks.
>
> Two questions:
> 1. Is it currently possible? 'device' section doesn't seem to accept
> that property.
> 2. How can I read/list default configuration for new wifi connections
> (e.g. wifi.cloned-mac-address - nmcli allows that only for existing
> connections, not devices)?
>
> NM 1.4.4, Fedora 25.
>
> Marcin