About F19 Firewall

Matthew Miller mattdm at fedoraproject.org
Sat Sep 21 00:33:43 UTC 2013

On Sat, Sep 21, 2013 at 12:40:15AM +0200, Björn Persson wrote:
> >> Anyone can broadcast an SSID. How does FirewallD authenticate the
> >> network connection?
> >FirewallD is not responsible for such authentication/AP validation.
> >Firewall as such is not meant to assure you're connecting to where you
> >want.
> It's FirewallD that introduces the zone concept. FirewallD is therefore
> responsible for ensuring that the network has been authenticated before
> it switches to a zone that assumes an isolated and friendly network. Of
> course FirewallD can delegate the authentication to another program,
> but simply stating that FirewallD is not responsible doesn't answer the
> question.

I haven't looked, but I assume that it's not actually the SSID that makes
them unique but rather done by NetworkManager UUID. See
<https://wiki.gnome.org/NetworkManagerConfiguration>. So, the attack I think
you're talking about would be someone making a network with the same SSID as
one you trust. NetworkManager won't automatically connect to that, and
even if you do, it won't automatically put them in the same zone.

Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>
