On Wed, Aug 28, 2019 at 11:55 AM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > On 8/28/19 5:44 PM, Tom H wrote: >> On Tue, Aug 27, 2019 at 11:52 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: >>> >>> The easiest way to resolve the issue is to place the interface on >>> the NFS server in the "Trusted" firewall zone. The setting for >>> that can be found in the Network Manager GUI for that interface >>> in the "General Configuration" tab. At least that is what is >>> shown on my KDE system. >> >> Doesn't that essentially disable the firewall?! > > To an extent. But recall that's Bob's network is connected to a > satellite service and already protected by a firewall. I think he > needs more protection against his family consuming his data quota. > :-) :) The problem's that if someone does so on a laptop at home and then uses a public network... Whether using "trusted" or adding "nfs" to "home", I suppose that the solution is to remember to change to "public" when using a public network; in the same way way that you'd want to block 111 and 2049 when doing so, whether via firewalld, iptables, nftables, or another frontend to the latter two, if they are enabled on a non-public network. It'd be nice to have a way to associate a network and a zone and not have to remember easily-forgettable things. Given that NM and firewalld haven't done this integration, it's probably less than trivial, at least time-wise if not coding-wise. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
