[opensuse-security] Firewall zone assignment for network (interfaces)
Hi, I have just translated one of YaST-Printer help strings, which talks about Printing via Network and how to get working CUPS in trusted and untrusted network zones. (BTW, it links to this article https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings) 1) The text seems to be very complicated. It took me long time to understand what it tries to describe. 2) The zone assignment is very good way to manage network security configuration. But if you are traveling with computer (notebook), it isn't good idea to force users to remember which zone was assigned last. There could be some easy way to switch your network profiles and it's security. I know, there is a NetworkManager, but does it manage security side of networking (firewall)? Is there any existing comfortable way to manage firewall profiles eg. by some applet? In Windows world there is a setup wizard which appears when you are connected to the new network. You can select, if the network is home, work or Public and according your choice, it assigns firewall security profile. This settings is saved and when you come to same network again, it loads right profile automatically. Could something like this do (openSUSE) Linux desktop? Are there any existing tools? Thanks. Jan Papež (honyczek) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hello, On Jan 28 22:32 Jan Papež (mailing lists) wrote (excerpt):
2) The zone assignment is very good way to manage network security configuration. But if you are traveling with computer (notebook), it isn't good idea to force users to remember which zone was assigned last. There could be some easy way to switch your network profiles and it's security. I know, there is a NetworkManager, but does it manage security side of networking (firewall)? Is there any existing comfortable way to manage firewall profiles eg. by some applet?
There is the package "fwzs" that should provide a "Tray applet that allows to switch firewall zones of interfaces". For its sources see https://build.opensuse.org/package/show?package=fwzs&project=devel%3AopenSUSE%3AFactory and http://gitorious.org/opensuse/fwzs But I am neither a user nor a developer of "fwzs" and I don't know whether or not "fwzs" is still actively maintained/developed because according to http://gitorious.org/opensuse/fwzs and according to "osc cat openSUSE:Factory fwzs fwzs.changes | head" the last "fwzs" changes happened in October 2011. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
On 01/28/2013 10:32 PM, Jan Papež (mailing lists) wrote:
Hi,
2) The zone assignment is very good way to manage network security configuration. But if you are traveling with computer (notebook), it isn't good idea to force users to remember which zone was assigned last. There could be some easy way to switch your network profiles and it's security. I know, there is a NetworkManager, but does it manage security side of networking (firewall)? Is there any existing comfortable way to manage firewall profiles eg. by some applet?
In Windows world there is a setup wizard which appears when you are connected to the new network. You can select, if the network is home, work or Public and according your choice, it assigns firewall security profile. This settings is saved and when you come to same network again, it loads right profile automatically.
Could something like this do (openSUSE) Linux desktop? Are there any existing tools?
Look for the package scpm in software.opensuse.org With scpm you can setup a profile for anything not limited to firewall settings. You will need to setup each profile once and then during boot or if the need arises during runtime you can switch the profile that meets your needs Togan -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
Jan Papež (mailing lists) -
Johannes Meixner -
Togan Muftuoglu