On 8/27/19 10:03 AM, John Harris wrote:
On Tuesday, August 27, 2019 5:35:08 AM MST Robert Marcano wrote:
> On 8/27/19 8:18 AM, mcatanzaro(a)gnome.org wrote:
>
>> On Tue, Aug 27, 2019 at 2:37 PM, IƱaki Ucar <iucar(a)fedoraproject.org>
>> wrote:
>
>>> There's no need to write "a new style of firewall". It would be
as
>>> easy as asking the user once whether a new connection is trusted or
>>> not. That's it.
>>
>>
>> But, well, how do you do that? What do you show to the user?
>
>
> Maybe, now that NetworkManager implements now its own DHCP client, if
> the IP received is not an private address (RFC 1918 for IPv4, some other
> consideration should be done for IPv6), Notify the user the connection
> is in a secure mode with an option to disable the secure, temporarily or
> permanently
>
>
That wouldn't work. If you hop on public wifi, your IP will most likely be in
a private rang, which would be wide open under this proposal.
Any new Wifi connection could be identified by their SSID, so it could
still be secure by default and ask for that specific connection to be
opened because you trust them. As I proposed on another email, bring
back the NetworkManager zones UI to GNOME Settings, simplified with
being an option to confine that connection to the public zone.
The problem of identifying wired connections still remains and needs
more thinking.