Dan Williams wrote: > On Sat, 2011-03-05 at 17:55 +0100, Matej Kovacic wrote: > > > We've talked about this sort of vague plan in the past, tweaking the > > > firewall settings based on your location. Obviously that doesn't work > > > so well for wired because you're never 100% what network you're > > > connected to, but for wifi if the AP requires a passphrase or is WPA > > > Enterprise, you're pretty sure you can trust your location. > > What about arp -a or nmap gateway IP? > > > > > The UUID goes a long way towards helping with this, but there are > > > fundamentally two approaches: either we have some sort of NM plugin > > > manipulate the firewall, or we have the firewall listen to NM... either > > > are doable. > > The second approach requires modification of a firewall: firewall must > > be "NetworkManager aware". That could be a problem, because NM and > > firewall development should be coordinated in some way (maybe harmonised > > is a better word). > > This is true... I think there's a great opportunity here to make > firewalls more network aware as we've all been discussing; we just need > to either think more about it, or jump in and start making things > happen... any takers?
PoC: http://lizards.opensuse.org/2009/07/10/1453/ http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/ http://www.gitorious.org/opensuse/fwzs What's missing is to listen for NM dbus events to automatically switch zones. Last time I checked it wasn't straight forward (at least to me for an afternoon hack) to get the necessary information from NM. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
