About F19 Firewall

Matthew Miller mattdm at fedoraproject.org
Sat Sep 21 00:33:43 UTC 2013


On Sat, Sep 21, 2013 at 12:40:15AM +0200, Björn Persson wrote:
> >> Anyone can broadcast an SSID. How does FirewallD authenticate the
> >> network connection?
> >FirewallD is not responsible for such authentication/AP validation.
> >Firewall as such is not meant to assure you're connecting to where you
> >want.
> It's FirewallD that introduces the zone concept. FirewallD is therefore
> responsible for ensuring that the network has been authenticated before
> it switches to a zone that assumes an isolated and friendly network. Of
> course FirewallD can delegate the authentication to another program,
> but simply stating that FirewallD is not responsible doesn't answer the
> question.

I haven't looked, but I assume that it's not actually the SSID that makes
them unique but rather done by NetworkManager UUID. See
<https://wiki.gnome.org/NetworkManagerConfiguration>. So, the attack I think
you're talking about would be someone making a network with the same SSID as
one you trust. NetworkManager won't automatically connect to that, and
even if you do, it won't automatically put them in the same zone.



-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>

