[Networkmanager] Can public/trusted network setting return to UI?

Thomas Haller thaller at redhat.com
Wed Jun 21 12:33:24 UTC 2023

On Tue, 2023-06-20 at 22:28 +0200, Petr Menšík wrote:
> Hello!
> I am old enough to remember there was once a specification, for each
> connection, of which type of network it belongs to. I kind of like it,
> and it would make sense to me if it returned to the configuration, not
> only from the command line.
> There is still connection.zone, but at least the UI from GNOME does not
> allow editing it from the GUI applet.
> Why do I want it?
> Basically I have two different approaches to the networks I connect to:
> - public network. Conferences, hotels, café or train. Usually all I
> want is internet connectivity. I want my privacy protection as strong
> as it can be. DNS over TLS if possible, no avahi, no services open to
> the network.
> - trusted network. My home, work, or networks of my friends or
> relatives. I may want to interact with other devices on this network.
> That might be a smart TV for sharing photos or choosing a movie,
> transfer of files, a printer to print on. I want Avahi to discover
> services and publish my machine's name. I do not care too much about
> DNS being encrypted; more important is that every name has to work.
> Privacy is reduced to simplify identification of devices.
> Is there a reason why nothing similar is offered now? With my avahi
> maintainer hat on, I have to say it does not have runtime
> reconfiguration yet. For me, having at least a connection.zone-like
> select box in the UI for connection to networks would be great. Is
> there some reasoning why it has disappeared?


The "connection.zone" property is all that NetworkManager does about the
firewall. It only applies if you also use firewalld. You would
configure the zones in firewalld, and "connection.zone" refers to that.

I seem to remember that nm-connection-editor hides the configuration
option if it detects that firewalld is not enabled. I guess you are
looking at gnome-control-center? I don't know whether it supports the
zone. If it doesn't, it possibly should. RFE/patch welcome. The
workaround is to configure the zone using nmcli:

  $ nmcli connection modify "$PROFILE" connection.zone "$ZONE"

Make sure to enable and use firewalld.
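
The workaround above with its firewalld precondition checked first, as an added example that is not part of the original message or of NetworkManager itself. The function names and the overridable NMCLI / FIREWALL_CMD variables are assumptions of this example; the nmcli and firewall-cmd invocations are the tools' real ones.

```shell
#!/bin/sh
# Added example: set connection.zone only when firewalld can honour it.
# NMCLI / FIREWALL_CMD are overridable (an assumption of this example) so the
# logic can be exercised without touching a live system.
NMCLI=${NMCLI:-nmcli}
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# zone_known ZONE: succeed if firewalld lists ZONE among its zones.
zone_known() {
    for z in $($FIREWALL_CMD --get-zones); do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# set_profile_zone PROFILE ZONE
# Returns: 0 ok, 2 firewalld not running, 3 unknown zone,
#          4 nmcli modify failed, 5 read-back mismatch.
set_profile_zone() {
    profile=$1 zone=$2
    # connection.zone has no effect without a running firewalld.
    $FIREWALL_CMD --state >/dev/null 2>&1 || return 2
    zone_known "$zone" || return 3
    $NMCLI connection modify "$profile" connection.zone "$zone" || return 4
    # Read the stored value back rather than trusting the exit status alone.
    actual=$($NMCLI -g connection.zone connection show "$profile") || return 5
    [ "$actual" = "$zone" ] || return 5
    return 0
}

# Stand-alone use: ./set-zone.sh PROFILE ZONE
if [ "$#" -eq 2 ]; then
    rc=0
    set_profile_zone "$1" "$2" || rc=$?
    case $rc in
        0) echo "profile '$1' now uses zone '$2'" ;;
        2) echo "firewalld is not running; zone would be ignored" >&2 ;;
        3) echo "zone '$2' is not defined in firewalld" >&2 ;;
        *) echo "could not set or verify connection.zone" >&2 ;;
    esac
    exit $rc
fi
```

The change is stored in the profile; an already active connection may need to be re-activated before firewalld places its interface in the new zone.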

