https://bugs.kde.org/show_bug.cgi?id=411359

            Bug ID: 411359
           Summary: [RFE] Ask for firewall zone upon first connection
           Product: plasma-nm
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: applet
          Assignee: jgrul...@redhat.com
          Reporter: iu...@fedoraproject.org
  Target Milestone: ---

NetworkManager has support for FirewallD zones, so it would be great if the
applet could

1) ask the user whether it's a private (and thus the user may want to share
resources) or public network (and thus the user may prefer to stay safe) when a
new connection is set up, then

  a) if the user says "private", then configure the connection in the "trusted"
zone (could be configurable);

  b) if the user says "public" or just ignores the question and closes the
applet, then configure the connection in the "public" zone (or the default
zone, could be configurable);

2) show the info about the current zone in the connection details.

Note that 1) is something that Windows 10 already does very well. Of course,
more advanced users could always open the connection editor and change the
zone, or even configure FirewallD directly, but this could be a **huge**
improvement for most users.

Why? Consider Fedora's KDE and GNOME spins. The KDE spin decided to set the
default firewall zone to "public", whereas the GNOME spin (Fedora Workstation)
decided to set a default that leaves open all the ports beyond 1024. KDE folks'
decision is great for security, but it fails miserably from the UX perspective
as soon as a non-experienced user tries e.g. to share some files over the
network at home: it doesn't work, and they don't know what to do. On the other
hand, GNOME folks' decision is great from the UX point of view, but has
critical security implications (I don't think the user wants to share files in
a café's WiFi or at the airport).

So, all in all, I think that asking *once* whether a new connection should be
private or not and saving the proper firewall zone is the best trade-off
between security and UX.

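The mapping requested in 1) and 2) can already be applied by hand through the `connection.zone` property of a NetworkManager profile. The sketch below is an added example, not part of the original report and not plasma-nm code; the function names, the `PRIVATE_ZONE`, `PUBLIC_ZONE` and `DRY_RUN` variables and the connection name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not plasma-nm code.
# Zones are configurable, as the report suggests; defaults follow the report.
PRIVATE_ZONE="${PRIVATE_ZONE:-trusted}"   # used only for an explicit "private" answer
PUBLIC_ZONE="${PUBLIC_ZONE:-public}"      # used for "public", no answer, or anything else

# Map the user's answer to a firewalld zone. Only an explicit "private"
# (case-insensitive) selects the permissive zone; an empty answer, i.e. the
# dialog was dismissed, or any unexpected value fails closed.
zone_for_answer() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        private) printf '%s\n' "$PRIVATE_ZONE" ;;
        *)       printf '%s\n' "$PUBLIC_ZONE" ;;
    esac
}

# Store the zone in the connection profile so the question is asked only once.
# DRY_RUN defaults to 1 and prints the nmcli command instead of running it.
set_connection_zone() {
    _zone="$(zone_for_answer "$2")"
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'nmcli connection modify "%s" connection.zone %s\n' "$1" "$_zone"
    else
        nmcli connection modify "$1" connection.zone "$_zone"
    fi
}

# Item 2) of the report: read back the zone stored in the profile.
# Empty output means no zone is set and the firewall's default zone applies.
show_connection_zone() {
    nmcli -g connection.zone connection show "$1"
}

# Constructed sample call: a dismissed dialog on a new connection.
set_connection_zone "Cafe WiFi" ""
```

Run with `DRY_RUN=0` on a system with NetworkManager and FirewallD to apply the change.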