>> Totally agree with you there, it's handy to scp files to/from >> persistent storage at times so there should be the option of >> connecting to machines on the lan. Putting that option in the >> greeter was what I had in mind. > > Good. :) > >> >The last discussion about this lead to think that we should close >> >those ports by default, and provide an option in tails-greeter to >> >allow communication with other hosts on the LAN. This requires a >> >little bit of work, though. >> > >> >As Tails team is overloaded, it would be great if you could help us! >> >> I'll take a look at how it's all put together and see if I can >> contribute something. I'm OK at bash script and a little python, but >> if the greeter's written in perl my head may asplode! > > Good thing then. The code for tails-greeter is far from being nice, but > it is written in Python. The code that forwards its settings to the > running system is a shell script. :) > > The Git repository can be cloned from: > > git clone git://git.immerda.ch/tails/tails-greeter.git > > And viewed from the web at: > > http://git.immerda.ch/?p=tails/tails-greeter.git > > The firewall itself currently lies in > `config/chroot_local-includes/etc/firewall.conf` of the `amnesia.git` > repository: > > git clone git://git.immerda.ch/amnesia.git > > and: > > http://git.immerda.ch/?p=amnesia.git > > Please ask any follow-up question on tails-dev@; there is no reason to > keep that discussion private. > > Have fun!
Not sure if this will trigger a subscription of go into a moderation queue so I'll make it a valid post too, and if a person reads it add me to the mailing list. I'm ignoring GIT and just looking at the live system at this time, I'll try to make diffs of whatever I develop though. Ny notes so far for this. I'm a little confused about the whole python/glade thing and exactly where options and buttons get put on the screen. I've only done a tiny amount of python programming and none with a gui of any sort. The rest seems fairly straignhforward though. I'll do a bit more digging. Just letting you know I'm not much of a programmer and learning a lot as I go, so expect this to take me several weeks. tails greeter mod for filter lan option; Displaying the option, happens somewhere in tails-greeter Basically we want to duplicate 'camoflage' but make it 'firewall_lan' root@amnesia:/usr/share/tails-greeter# cat /usr/bin/tails-greeter #!/bin/bash cd /usr/share/tails-greeter/ /usr/bin/python ./community-greeter.py Reference to Camouflage_* in /usr/share/tails-greeter/optionwindows.glade Settings would get written to /var/lib/gdm3/tails.firewall_lan Then we make it happen (iptables something something DROP) from /etc/gdm3/PostLogin/Default Currently firewall rules are in /etc/firewall.conf Probably make the default to drop lan access, and then add/delete a rule from iptables to allow it if the user wants. _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
