[Networkmanager] Can public/trusted network setting return to UI?

Petr Menšík pemensik at redhat.com
Wed Jun 21 14:19:06 UTC 2023


The problem with that approach is I would also like to configure other 
services based on that. Not only ports open to receive requests from 
outside, but also permission to join the interface with the mdns service 
and send queries over it.

Is it possible to receive this information in a dispatcher script, which 
might customize settings based on its value? Can I adjust services, 
stopping them instead of just blocking access to them?

I would like to set default values for a few values, like:

public:

connection.lldp:                        no
connection.mdns:                        no
connection.llmnr:                       no
connection.dns-over-tls:                yes
ipv4.dhcp-send-hostname:                no

possibly with ipv4.ignore-auto-dns=yes, and ipv4.dns=8.8.8.8

for trusted:

connection.lldp:                        default
connection.mdns:                        yes
connection.llmnr:                       yes
connection.dns-over-tls:                opportunistic
ipv4.dhcp-send-hostname:                yes

I would like to kind of pre-configure different "groups" and assign 
connections to one of them. If I don't override a value in the connection 
itself, use values from the group. Not to manually specify the same for 
regionjet.cz SSID, CDWIFI SSID, airport SSID and similar places again 
and again. Is something similar possible without having a tool, which 
will copy values on network connection creation?

Kind of derived classes in C++, which get more and more specialized. How 
hard would it be to implement something like that?

On 21. 06. 23 14:33, Thomas Haller wrote:
> On Tue, 2023-06-20 at 22:28 +0200, Petr Menšík wrote:
>> Hello!
>>
>> I am old enough to remember there was once a specification for each
>> connection, into which type of network it belongs. I kind of like it
>> and it would make sense to me if it returned into configuration not
>> only from command line.
>>
>> There is still connection.zone, but at least UI from GNOME does not
>> allow editing it from the GUI applet.
>>
>> Why do I want it?
>>
>> Basically I have two different approaches to the networks I connect to:
>>
>> - public network. Conferences, hotels, café or train. Usually all I
>> want is internet connectivity. I want my privacy protection as strong
>> as it can be. DNS over TLS if possible, no avahi, no services open to
>> network.
>>
>> - trusted network. My home, work, or networks of my friends or
>> relatives. I may want to interact with other devices on this network.
>> That might be smart TV for sharing photos or choosing movie, transfer
>> of files, printer to print on. I want Avahi to discover services and
>> publish my machine's name. I do not care about DNS to be encrypted too
>> much, more important is every name has to work. Privacy is reduced to
>> simplify identification of devices.
>>
>> Is there a reason why nothing similar is offered now? With my avahi
>> maintainer hat on, I had to say it does not have runtime
>> reconfiguration yet. For me, having at least connection.zone like
>> select box in UI for connection to networks would be great. Is there
>> some reasoning why it has disappeared?
>
> Hi,
>
> the "connection.zone" property is all that NetworkManager does about
> firewall. It only applies, if you also use firewalld. You would
> configure the zones in firewalld, and "connection.zone" refers to that.
>
> I seem to remember, that nm-connection-editor hides the configuration
> option, if it detects that firewalld is not enabled. I guess you are
> looking at gnome-control-center? I don't know whether it supports the
> zone. If it doesn't, it possibly should. RFE/patch welcome. The
> workaround is to configure the zone using nmcli:
>
>    $ nmcli connection modify "$PROFILE" connection.zone "$ZONE"
>
> Make sure to enable and use firewalld.
>
>
> Thomas
>
-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
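
An added example, not part of the original message and not NetworkManager code: a dry-run shell sketch of the "groups with per-connection overrides" idea, built on the `nmcli connection modify` workaround quoted above. The function names, the use of the group name as the firewalld zone, and the `CDWIFI` profile name in the comment are assumptions for illustration; the property values are the ones listed in the message.

```shell
#!/bin/sh
# Dry run only: prints the nmcli command, never changes a profile.
# Example: nmcli_command "CDWIFI" public ipv4.ignore-auto-dns=yes

# Group defaults, values as written in the message ("property value" per line).
group_defaults() {
    case "$1" in
        public)  printf '%s\n' 'connection.lldp no' 'connection.mdns no' \
                     'connection.llmnr no' 'connection.dns-over-tls yes' \
                     'ipv4.dhcp-send-hostname no' ;;
        trusted) printf '%s\n' 'connection.lldp default' 'connection.mdns yes' \
                     'connection.llmnr yes' 'connection.dns-over-tls opportunistic' \
                     'ipv4.dhcp-send-hostname yes' ;;
        *) echo "unknown group: $1" >&2; return 1 ;;
    esac
}

# resolve_settings GROUP [property=value ...]
# Effective settings: group defaults, with per-connection overrides winning.
resolve_settings() {
    group=$1; shift
    defaults=$(group_defaults "$group") || return 1
    nl='
'
    printf '%s\n' "$defaults" | while read -r key value; do
        for o in "$@"; do
            if [ "${o%%=*}" = "$key" ]; then value=${o#*=}; fi
        done
        printf '%s %s\n' "$key" "$value"
    done
    # Overrides for properties the group does not define are appended.
    for o in "$@"; do
        case "$nl$defaults" in
            *"$nl${o%%=*} "*) ;;
            *) printf '%s %s\n' "${o%%=*}" "${o#*=}" ;;
        esac
    done
}

# nmcli_command PROFILE GROUP [property=value ...]
# Assumption: the group name doubles as the firewalld zone for connection.zone.
nmcli_command() {
    profile=$1; zone=$2; shift 2
    settings=$(resolve_settings "$zone" "$@") || return 1
    printf 'nmcli connection modify "%s" connection.zone %s' "$profile" "$zone"
    printf '%s\n' "$settings" | while read -r key value; do
        printf ' %s %s' "$key" "$value"
    done
    printf '\n'
}
```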


