Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/27/19 9:10 AM, Robert Marcano wrote:

On 8/27/19 8:57 AM, Björn Persson wrote:

Robert Marcano wrote:

Maybe, now that NetworkManager implements now its own DHCP client, if
the IP received is not an private address (RFC 1918 for IPv4, some other
consideration should be done for IPv6), Notify the user the connection
is in a secure mode with an option to disable the secure, temporarily or
permanently


First, an RFC 1918 address indicates that you're probably behind an
address translator. It does not prove that other computers on the local
network are friendly. You might be on a public hotspot surrounded by
potentially hostile strangers.
And this is worse than what we currently have where everything is considered friendly? this proposal is protecting situations when the IP address is known to be public.
For completeness, the WiFi case is "simple" to solve because there is something that is missing in wired connections, the SSID, bringing a easier to use firewall zones UI to GNOME Settings could help, maybe instead of listing zones, is should be a simpler "Disable network sharing" or something like that, that sets the "public" zone on that WiFi connection. 





Second, a solution that works only for IPv4 is not a solution in the
year 2019. You need to take IPv6 seriously, or you won't be taken
seriously.
It is my understanding that this is a mailing list where suggestions could be made, without insinuating some kind of bad faith. I explicitly stated "some other consideration should be done for IPv6" because in my country ISPs providing IPv6 are a dream, so I have no way to test or propose a solution I couldn't try on a real scenario. 



Björn Persson


_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx 




_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux