----- Original Message -----
Hi everyone,
<snip>
Plans for Fedora 21
- The Desktop team will look into creating a UI that asks you, when you connect to a new wireless network, whether you consider it trusted or not. The exact wording of the question, the look of the dialog, etc. will need to be worked out. This setting will be remembered for that network. If the user says trusted, the zone used will be 'trusted'; if not trusted, then the current default will be used. This should be simple enough not to confuse users, yet improve their security on public networks.
- Other connection types will keep the current default, which sucks a bit for your home ethernet, but we don't currently have a good way to identify your ethernet connection, and popping up a dialog every time you connect is probably a worse user experience than having to google a bit.
Matthias started a prototype of this already here: https://bugzilla.gnome.org/show_bug.cgi?id=727580
The plan has changed slightly after discussions with designers (Allan in particular) and firewalld hackers (Miloslav Trmac and Thomas Woerner).
There were two main uses for the firewall:
- Security: this is to avoid particular services from ever being seen on the network. This also accounts for packaging errors which mean that unwanted services are enabled when the package is installed, and listening on the network when they shouldn't be, as noticed recently: https://fedorahosted.org/fesco/ticket/1310
- Privacy: avoid unwanted data about the user, or their setup, from being broadcast on the local network. That means my user name, my real name (!), the version of my OS, etc.
I reviewed the default network services available on a stock Fedora Workstation installation[1], and we came up with the following plan.
1) Work with QE to set up a way to avoid security regressions, such as the rpcbind one mentioned above. This will mean adding tests at the distro level. Hopefully Tim Flink, CC:ed, can help me with creating those tests.
2) Create a new firewalld zone for use by Workstation. This would block all system services (port < 1024) except a few whitelisted ones (see Google spreadsheet below), so as to mitigate #1.
3) Add network awareness to GNOME's controls of system-wide sharing. When disconnecting from the network, or connecting to a new unknown network, we would ensure that all sharing (we can control) is disabled. Each of the possible shared items would be controlled independently for each network. This means that your music would automatically be shared when at home, but disabled when at the coffee shop. We'll also have a way for users to disable sharing that was previously enabled, without that network being the current one.
Subject to changes, here are some mockups:
https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys...
https://raw.githubusercontent.com/gnome-design-team/gnome-mockups/master/sys...
In the future this could be further controlled through application sandboxing.
Some things that are currently outside of scope, and will need to be documented:
- NFS client or server support. NFS 101 tells you to check the firewall config; you'll still need to do that.
- Support for network printer enumeration when mDNS is disallowed on the network (this opens up UDP port 631 on the local machine).
Long term plans
- Work with the NetworkManager team to see if we can come up with a way to identify ethernet connections in a similar manner.
This would still be useful: https://bugzilla.gnome.org/show_bug.cgi?id=723084
Cheers
[1]: https://docs.google.com/spreadsheets/d/103SAK-7ch5wpGiCP3KF9CYlIhLQFTy9SSvBv...
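As an added illustration (not a zone file from the message above, nor the one the Fedora or firewalld projects shipped), this is what a firewalld zone matching item 2 of the plan could look like: unsolicited packets to ports 1-1024 are rejected by the zone's default target unless a whitelisted service matches, while ports 1025-65535 stay open. The zone name, file name and the whitelisted services (dhcpv6-client, ssh, mdns) are assumptions standing in for the list in the linked spreadsheet.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed example zone, not the official Fedora Workstation zone.
     Would be saved as /etc/firewalld/zones/workstation-example.xml -->
<zone>
  <short>Workstation (example)</short>
  <description>Reject unsolicited incoming packets on ports 1-1024 except for
    the whitelisted services below; accept incoming packets on ports
    1025-65535. Outgoing connections are allowed.</description>
  <!-- Whitelisted privileged-port services: assumed list, the real one is
       in the spreadsheet referenced by the message -->
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <service name="mdns"/>
  <!-- No target is set, so firewalld's default (reject) applies to every
       port below 1025 that is not whitelisted above. -->
  <!-- Everything above the privileged range stays reachable, so user-level
       services (music sharing, etc.) must be switched off per network by
       the sharing controls described in item 3, not by this zone. -->
  <port protocol="tcp" port="1025-65535"/>
  <port protocol="udp" port="1025-65535"/>
</zone>
```

After `firewall-cmd --reload`, `firewall-cmd --zone=workstation-example --list-all` shows the effective services and port ranges, which is the quickest way to confirm that nothing below port 1025 is open beyond the whitelist.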