On Wed, 2019-08-28 at 12:32 +0200, Tom H wrote:
On Wed, Aug 28, 2019 at 11:55 AM Ed Greshko <ed.greshko@greshko.com> wrote:
On 8/28/19 5:44 PM, Tom H wrote:
On Tue, Aug 27, 2019 at 11:52 PM Ed Greshko <ed.greshko@greshko.com> wrote:
The easiest way to resolve the issue is to place the interface on the NFS server in the "Trusted" firewall zone. The setting for that can be found in the Network Manager GUI for that interface in the "General Configuration" tab. At least that is what is shown on my KDE system.
Doesn't that essentially disable the firewall?!
To an extent. But recall that Bob's network is connected to a satellite service and already protected by a firewall. I think he needs more protection against his family consuming his data quota. :-)
:)
The problem's that if someone does so on a laptop at home and then uses a public network...
Whether using "trusted" or adding "nfs" to "home", I suppose that the solution is to remember to change to "public" when using a public network; in the same way that you'd want to block 111 and 2049 when doing so, whether via firewalld, iptables, nftables, or another frontend to the latter two, if they are enabled on a non-public network.
It'd be nice to have a way to associate a network and a zone and not have to remember easily-forgettable things. Given that NM and firewalld haven't done this integration, it's probably less than trivial, at least time-wise if not coding-wise.
I have everything set up using "public", including NFS, and this isn't even a laptop. I don't claim any special expertise in this, indeed it was largely by following Ed's advice that I got it to work. I'm afraid the firewall docs are pretty obscure for the ordinary user.
poc