On 8/28/19 6:32 PM, Tom H wrote:
On Wed, Aug 28, 2019 at 11:55 AM Ed Greshko ed.greshko@greshko.com wrote:
On 8/28/19 5:44 PM, Tom H wrote:
On Tue, Aug 27, 2019 at 11:52 PM Ed Greshko ed.greshko@greshko.com wrote:
The easiest way to resolve the issue is to place the interface on the NFS server in the "Trusted" firewall zone. The setting for that can be found in the Network Manager GUI for that interface in the "General Configuration" tab. At least that is what is shown on my KDE system.
Doesn't that essentially disable the firewall?!
To an extent. But recall that's Bob's network is connected to a satellite service and already protected by a firewall. I think he needs more protection against his family consuming his data quota. :-)
:)
The problem's that if someone does so on a laptop at home and then uses a public network...
I don't think that is too much of a worry.
Recall that each Wifi Connection can be assigned a Firewall Zone. The connection at home will be different than outside of the home.
Whether using "trusted" or adding "nfs" to "home", I suppose that the solution is to remember to change to "public" when using a public network; in the same way way that you'd want to block 111 and 2049 when doing so, whether via firewalld, iptables, nftables, or another frontend to the latter two, if they are enabled on a non-public network.
It'd be nice to have a way to associate a network and a zone and not have to remember easily-forgettable things. Given that NM and firewalld haven't done this integration, it's probably less than trivial, at least time-wise if not coding-wise.
It seems integration has been done with Wifi (see above) but not with wired connections.
In any event, I've never had a need or even considered running an NFS server on a laptop. :-)