Feature changed by: Johannes Meixner (jsmeix) Feature #316708, revision 6 Title: simple laptop user firewall experience (e.g. printing) openSUSE Distribution: New Priority Requester: Desirable Requested by: Susanne Oberhauser (froh) Partner organization: openSUSE.org Description: - context: a laptop user regularly moves between networks with her + Context: a laptop user regularly moves between networks with her laptop. When the user wants to print or use other broadcast-advertised services, then the Laptop should *in an obvious way* help to connect to the services. - Currently "it just does not work", wand what makes things worse, in a + Currently "it just does not work", and what makes things worse, in a non-obvious way. And the firewall, once identifed as the part - preventing to do what the user wants to do, is perceived not as usefull + preventing to do what the user wants to do, is perceived not as useful part of the system but as overjealous hindrance. - It's not simple to reconfigure it "reasonably", opening the IPP port - for broadcasst in the dmz setting is not simple. - Thus there is a high risk of the firewall being just disabled - permanently, especially by users who really should have it up. So the - current system behaviour leads to the opposite of the desired goal. + It's not simple to reconfigure it "reasonably", e.g. opening the IPP + port for incoming broadcasts only in the DMZ is not simple. + Thus there is a high risk of opening ports in the EXT zone or even of + the firewall being just disabled permanently, especially by users who + really should have it up. So the current system behaviour leads to the + opposite of the desired goal. The firewall zone switcher fwzs applet is a first good step into the - right direction. However there is a number of issues that still - interfere: - * on SUSE there is no preconfigured, sane standard mechanism to set the + right direction. + However there is a number of issues that still interfere: + * There is no preconfigured, sane standard mechanism to set the firewall zones depending on the network you connect to, let alone to - remember the setting. e.g. nothing connects the kde network manager to - fwzs. - * the firewall zones are vaguely labeled and defined. The "dmz" zone, aka - "something in between", does not allow IPP broadcasts in, only the - 'private network' allows that. Maybe an additional zone "Internet cafe" - something would be more usefull, which allows to browse broadacasted - services but which protects data on the laptop? And a "Trusted Network - behind a firewall" which allows to share files and services on the - laptop? + remember the setting (e.g. nothing connects the network manager to + fwzs). + * The firewall zones are vaguely labeled and defined. For example the DMZ + is labeled "something in between" and does not allow incoming IPP + broadcasts, only the "private network" (i.e. the INT zone) allows that. + Maybe an additional zone "Internet cafe" or something like that would + be more useful, which allows to browse broadacasted services but which + protects data on the laptop? And a "Trusted Network behind a firewall" + which allows to share files and services on the laptop? -- openSUSE Feature: https://features.opensuse.org/316708