Christian Schaller <cschalle@xxxxxxxxxx> wrote:
>
>----- Original Message -----
>> From: "Bastien Nocera" <bnocera@xxxxxxxxxx>
>> To: "Discussions about development for the Fedora desktop" <desktop@xxxxxxxxxxxxxxxxxxxxxxx>
>> Sent: Wednesday, February 19, 2014 6:40:37 PM
>> Subject: Re: technical spec for the workstation up for review
>>
>> ----- Original Message -----
>> > Hi,
>> > I ended up calling the firewalld maintainer to understand the state of things
>> > and there is this concept in firewalld called zones that we should be able to
>> > use to create a better user experience, yet at the same time keep the firewall
>> > working when people connect with their laptop at an internet cafe for instance.
>>
>> Right. But firewalld can't be a Fedora-only solution, otherwise no application
>> developer will want to integrate with it.
>
>We don't need the application developer to integrate with it. All we do is that
>in the GNOME Shell/NetworkManager we ask a question the first time you connect to
>a new network, something like 'Is this a trusted network?'. If the answer is yes
>we put firewalld in trusted network mode for that network, and every time the user connects
>to that network afterwards we default to that trusted setting without asking again.
>In this mode the firewall will let basically anything through.
>
>For untrusted networks like conference wifi or internet cafes people choose 'not trusted'
>and we use the current firewalld default.
>
>These settings can then be toggled in the connection manager if you at any point want
>a specific network to become trusted/untrusted.
>
>This model is very simple (just 2 modes) and it gives our users some extra security when
>connecting their laptops in public places, including protecting them from themselves in
>terms of accidentally sharing their private photos and videos on a public network.
>It should also be quite unobtrusive.
>
>Christian
>--
>desktop mailing list
>desktop@xxxxxxxxxxxxxxxxxxxxxxx
>https://admin.fedoraproject.org/mailman/listinfo/desktop