Mathias Homann schrieb:
On 11/25/2014 01:00 AM, Marcus Meissner wrote:
On Mon, Nov 24, 2014 at 10:50:26PM +0100, Mathias Homann wrote:
The problem is that SuSEFirewall2 can't have the same interface in different zones depending on which wireless you connect to. The problem also is that SCPM is not working with systemd, so it can't be used to switch configurations on boot based on which WiFi you're *going* to connect to.
Did I make myself clear? Is the firewall zone switcher applet (fwzs) perhaps of help?
Ciao, Marcus
"Firewall Zone Switcher consists of a DBus service and a system tray applet that lets the user switch firewall zones of network interfaces."
...that might do as a workaround, but not as complete replacement of what firewalld in connection with network manager can do.
My point is, with firewalld + networkmanager you set the zone *per connection*, not *per physical interface*, and therefor you don't have to do *anything at all* manually while moving between wireless networks.
That's what fwzs does even if it's not obvious from the UI. It remembers which zone was uses for which connection and applies that as soon as NM switches connections. Anyways, SuSEfirewall2 is an aged shell script meant for use on routers. It's not actively developed anymore and IMO deserves to be retired. I don't know if firewalld can be an adequate successor though. Someone has to evaluate that and if necessary implement missing bits in firewalld. I disagree with the idea to have separate firewall implementations for servers and desktops. The line between both is very slim, think of libvirt for example which used for both too. If a simple shell script like SuSEFirewall2 can be enhanced to serve both use cases, it shouldn't be a problem for a program designed and written in a proper programming language either after all. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5; 90409 Nürnberg; Germany -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org