On Wed, Aug 28, 2019 at 12:45 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > On 8/28/19 6:32 PM, Tom H wrote: >> On Wed, Aug 28, 2019 at 11:55 AM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: >>> On 8/28/19 5:44 PM, Tom H wrote: >>>> On Tue, Aug 27, 2019 at 11:52 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: >>>>> >>>>> The easiest way to resolve the issue is to place the interface on >>>>> the NFS server in the "Trusted" firewall zone. The setting for >>>>> that can be found in the Network Manager GUI for that interface >>>>> in the "General Configuration" tab. At least that is what is >>>>> shown on my KDE system. >>>> >>>> Doesn't that essentially disable the firewall?! >>> >>> To an extent. But recall that's Bob's network is connected to a >>> satellite service and already protected by a firewall. I think he >>> needs more protection against his family consuming his data quota. >>> :-) >> >> :) >> >> The problem's that if someone does so on a laptop at home and then >> uses a public network... > > I don't think that is too much of a worry. > > Recall that each Wifi Connection can be assigned a Firewall Zone. > The connection at home will be different than outside of the home. >> >> Whether using "trusted" or adding "nfs" to "home", I suppose that the >> solution is to remember to change to "public" when using a public >> network; in the same way way that you'd want to block 111 and 2049 >> when doing so, whether via firewalld, iptables, nftables, or another >> frontend to the latter two, if they are enabled on a non-public >> network. >> >> It'd be nice to have a way to associate a network and a zone and not >> have to remember easily-forgettable things. Given that NM and >> firewalld haven't done this integration, it's probably less than >> trivial, at least time-wise if not coding-wise. > > It seems integration has been done with Wifi (see above) but not with wired connections. Thanks. I must've missed the introduction of that feature! Stupid me... You can now have "ZONE=" in "/etc/sysconfig/network-scripts/ifcfg-*" or "zone=" in /etc/NetworkManager/system-connections/*". Cool. > In any event, I've never had a need or even considered running an NFS server on a laptop. :-) I used to use it when I went to a company and needed to share out some files that I needed for configuration or installation. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
