[Networkmanager] Can public/trusted network setting return to UI?

Petr Menšík pemensik at redhat.com
Wed Jun 21 17:20:25 UTC 2023

On 21. 06. 23 16:42, Andrei Borzenkov wrote:
> On 21.06.2023 17:19, Petr Menšík wrote:
>> The problem with that approach is I would like to configure also other
>> services based on that. Not only ports open to receive requests from
>> outside, but also permission to join the interface with mdns service and
>> send queries over it.
>> Is it possible to receive this information to dispatcher script, which
>> might customize settings based on its value? Can I adjust services,
>> stopping them instead of just blocking access to them?
>> I would like to set default values for few values, like:
>> public:
>> connection.lldp:                        no
>> connection.mdns:                        no
>> connection.llmnr:                       no
>> connection.dns-over-tls:                yes
>> ipv4.dhcp-send-hostname      no
> See "man NetworkManager.conf" for description how to set default 
> values. ipv4.dhcp-send-hostname is not listed as supported though, I 
> do not know if it is just missing documentation.
The problem is I do not want general default values. I want to choose 
one of two "profiles", from which to set those values. Either one for 
public or trusted networks. Without having to set multiple values for 
each SSID i set public or trusted network. I would like to prepare 
multiple different presets, not just one set of default values.
>> possibly with ipv4.ignore-auto-dns=yes, and ipv4.dns=
>> for trusted:
>> connection.lldp:                        default
>> connection.mdns:                        yes
>> connection.llmnr:                       yes
>> connection.dns-over-tls:           opportunistic
>> ipv4.dhcp-send-hostname      yes
>> I would like to kind of pre-configure different "groups" and assign
>> connections to one of them. If I don't override value in connection
>> itself, use values from the group. Not to manually specify the same for
>> regionjet.cz SSID, CDWIFI SSID, airport SSID and similar places again
>> and again. Is something similar possible without having a tool, which
>> will copy values on network connection creation?
>> Kind of derived classes in C++, which get more and more specialized. How
>> hard would be implementing something like that?
>>> Hi,
>>> the "connection.zone" property is all that NetworkManager does about
>>> firewall. It only applies, if you also use firewalld. You would
>>> configure the zones in firewalld, and "connection.zone" refers to that.
>>> I seem to remember, that nm-connection-editor hides the configuration
>>> option, if it detects that firewalld is not enabled. I guess you are
>>> looking at gnome-control-center? I don't know whether it supports the
>>> zone. If it doesn't, it possibly should. RFE/patch welcome. The
>>> workaround is to configure the zone using nmcli:
>>>     $ nmcli connection modify "$PROFILE" connection.zone "$ZONE"
>>> Make sure to enable and use firewalld.
>>> Thomas
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

More information about the Networkmanager mailing list