On Tue, 2019-08-27 at 10:14 -0400, Robert Marcano wrote:
On 8/27/19 10:03 AM, John Harris wrote:
>
Any new Wifi connection could be identified by their SSID, so it
could
still be secure by default and ask for that specific connection to
be
opened because you trust them. As I proposed on another email, bring
back the NetworkManager zones UI to GNOME Settings, simplified with
being an option to confine that connection to the public zone.
Yeah, the WIFI case can be as simple as that: let the use choose the
default zone. Public means closed firewall, otherwise the workstation
zone can be as it is now. This protects the user from big mistakes as
unintended sharing of information over samba, media players et.
The problem of identifying wired connections still remains and needs
more thinking.
For this case NetworkManager could verify the gateway address/ MAC
to
see if this is a known network, and if not offer the user to allocate
that connection to a public/private zone? I seem to remember that
Windows does something similar (sorry not a big Windows user)...
/louis