----- Original Message ----- > On Wed, Jul 29, 2015 at 06:14:10AM -0400, Bastien Nocera wrote: > > > > > > ----- Original Message ----- > > > On Mon, Jul 27, 2015 at 03:27:03PM -0600, Chris Murphy wrote: > > > > Firewalld needs to be easier to inform what networks are trusted, so > > > > that when I go to a cafe it automatically blocks (or drops) requests > > > > to ports 22, 445, 2049, etc. By default. Without asking me. Just do it > > > > because I have no good reason having those available when I'm in a > > > > cafe. And if I do, I'll trust the network. > > > > > > Here, we definitely agree. > > > > Firewalld is as good as unused in Workstation. If you want ssh to run > > per-network (as media, and file sharing do already), we can certainly do > > that. > > sshd_config uses ListenAddress as opposed to allowing interface > declarations. Would per-network be workable for wireless that way? > Or would this mean multiple sshd_config files and running multiple > instances of sshd? No, we'd just stop ssh when on non-authorised networks. That's also what we do for UPnP/DLNA, screen sharing, etc. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
