On Wed, 2014-02-19 at 11:42 -0500, Christian Schaller wrote: > Hi, > I ended up calling the firewalld maintainer to understand the state of things > and there is this concept in firewalld called zones that we should be able to > use to create a better user experience, yet at the same time keep the firewall > working when people connect with their laptop at an internet cafe for instance. Just for anyone unfamiliar with it, this works quite a lot like the similar Windows feature. You can set a given NetworkManager connection as being in one of various zones - default set includes the 'special' zones block, drop, dmz and trusted (which do probably approximately what you'd expect from the names) and then external, internal, home, public and work. The system's very flexible and generic, you can define new zones and define the set of services that's blocked and not blocked in each zone. In Fedora at present, 'public' is the default zone for all connections and there's no 'pop up' or anything when you establish a new connection asking you to select a zone, but you can set the zone for a connection from GNOME's network configuration tool or nm-connection-editor. firewalld's config tool lets you set a zone for an *interface*, but this is overridden if a connection on the interface has a zone specified, IIRC, so for a typical Fedora config it's a dead letter. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
