Christian Schaller <cschalle(a)redhat.com> wrote:
>
>----- Original Message -----
>> From: "Bastien Nocera" <bnocera(a)redhat.com>
>> To: "Discussions about development for the Fedora desktop" <desktop(a)lists.fedoraproject.org>
>> Sent: Wednesday, February 19, 2014 6:40:37 PM
>> Subject: Re: technical spec for the workstation up for review
>>
>>
>>
>> ----- Original Message -----
>> > Hi,
>> > I ended up calling the firewalld maintainer to understand the state of things
>> > and there is this concept in firewalld called zones that we should be able to
>> > use to create a better user experience, yet at the same time keep the firewall
>> > working when people connect with their laptop at an internet cafe for instance.
>>
>> Right. But firewalld can't be a Fedora-only solution, otherwise no application developer
>> will want to integrate with it.
>
>We don't need the application developer to integrate with it. All we do is that
>in the GNOME Shell/NetworkManager we ask a question the first time you connect to
>a new network, something like 'Is this a trusted network?'. If the answer is yes
>we put firewalld in trusted network mode for that network, and every time the user connects
>to that network afterwards we default to that trusted setting without asking again.
>In this mode the firewall will let basically anything through.
>
>For untrusted networks like conference wifi or internet cafes people choose 'not trusted'
>and we use the current firewalld default.
>
>These settings can then be toggled in the connection manager if you at any point want
>a specific network to become trusted/untrusted.
>
>This model is very simple (just 2 modes) and it gives our users some extra security when
>connecting their laptops in public places, including protecting them from themselves in
>terms of accidentally sharing their private photos and videos on a public network.
>It should also be quite unobtrusive.
>
>
>Christian