On 11/06/2012 07:55 AM, Thomas Woerner wrote:
On 11/06/2012 04:26 PM, Thomas Woerner wrote:
On 11/06/2012 01:07 AM, Chuck Forsberg WA7KGX N2469R wrote:
The new firewall replaces the old "trusted interface" with
multiple "zones" . This would be fine if one could easily
tell which zone each network interface was in and
make changes.
firewalld is not selecting the zone for an interface related to a
connection. NetworkManager does this. The zone is set in the ifcfg
config file, if it is not the default zone.
The only to change an interface's zone is with an arcane
firewall-cmd incantation.
There is a patch for the gtk nm-connection-editor to add a very simple
selection menu for connections. The NM connection editor in KDE is
providing support for this already.
This has been integrated into network-manager-applet upstream and
should hit Fedora soon. Within nm-connection-editor the zone for
interfaces related to a connection can be changed.
Given the new concepts of persistence and zones, the
admin>firewall applet needs to present these concepts
to the user in a clearly intuitive, easy to change way.
Ok, the firewall-applet should provide information on how to do change
zones for connections, I agree.
The current view should be radio buttons.
Each interface should have a selector for which zone
it should be in. Finally, do we need so many zones?
A default of two zones should suffice and be more
understandable. At least don't show zones that aren't used.
There are the base zones: block, drop, public, work and trusted. The
other zones have been added on request. You can also add own zones
according to your needs.
Thomas
It is a month later and and there is no apparent coordination on zones
between
Network Manager and firewall zones. Just now I tried to bring up
"firewall" to see
if it had a useful help option and all I got was a dbus error.
If one can add zones at will, let's ship Firewall with two or three
zones - say public, work,
and trusted. And each network config GUI should have a GUI to assign a
zone to
each network interface.
--
Chuck Forsberg WA7KGX N2469R caf@xxxxxxxx www.omen.com
Developer of Industrial ZMODEM(Tm) for Embedded Applications
Omen Technology Inc "The High Reliability Software"
10255 NW Old Cornelius Pass Portland OR 97231 503-614-0430
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
