From Fedora Project Wiki

Revision as of 14:14, 27 June 2011 by Twoerner

Network Zones

Summary

The purpose of this feature request is to be able to classify network connections according to their trust level. A public Wi-Fi network connection, for example, should be untrusted, while a wired home network connection should be fairly trusted.

Please also have a look at these additional features:

Owner

Current status

  • Targeted release: Fedora 16
  • Last updated: 2011-06-27
  • Percentage of completion: 0%

Detailed Description

A network zone describes the trust level of a network connection. It is important to distinguish between a network connection and a network interface: a network interface can be used for many different connections, but a connection is most likely bound to one specific network interface.

Currently, network connections are unclassified: the user or administrator cannot set the trust level of a connection. Additionally, the netfilter-based firewall in Linux does not know anything about connections; it can only handle network interfaces.

The current firewall solution in Fedora is static and cannot enable firewall features for specific connections. Either all interfaces are handled in the same way, or the user or administrator has to write a complex firewall setup on their own.

The initial network zones:

  • trusted: Fully trusted connections. All incoming traffic is allowed.
  • home: Partly trusted connections. User/administrator defines the open services.
  • work
  • public: Mostly untrusted connections. User/administrator defines the open services.
  • block: Fully untrusted connections. No incoming traffic is allowed.
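
The following Python sketch is an added illustration, not part of this feature page or of Fedora's firewall code. It renders iptables-style INPUT rules for an interface from the zone of the connection currently active on it, which shows why interface-only rules have to be regenerated when the connection changes. The connection names, the service list and the choice to accept reply traffic are assumptions.

```python
"""Zone-to-netfilter sketch: netfilter matches on interfaces, so the rules for
an interface must be rebuilt whenever a different connection becomes active."""

# Service name -> (protocol, port); constructed sample data.
SERVICES = {"ssh": ("tcp", 22), "ipp": ("tcp", 631), "mdns": ("udp", 5353)}

# Zone semantics taken from the page's list. "work" is left out because the
# page gives it no description.
ACCEPT_ALL = {"trusted"}            # all incoming traffic is allowed
DROP_ALL = {"block"}                # no incoming traffic is allowed
CONFIGURABLE = {"home", "public"}   # user/administrator defines open services

# Assumption (not stated on the page): replies to outgoing connections are
# accepted in every zone that filters traffic.
REPLIES = "-A INPUT -i {ifc} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"


def rules_for(interface, zone, open_services=()):
    """Return the ordered INPUT rules for one interface in the given zone."""
    if zone in ACCEPT_ALL:
        return [f"-A INPUT -i {interface} -j ACCEPT"]
    if zone not in DROP_ALL | CONFIGURABLE:
        raise ValueError(f"unknown zone: {zone!r}")
    rules = [REPLIES.format(ifc=interface)]
    if zone in CONFIGURABLE:
        for name in sorted(open_services):
            proto, port = SERVICES[name]
            rules.append(f"-A INPUT -i {interface} -p {proto} --dport {port} -j ACCEPT")
    rules.append(f"-A INPUT -i {interface} -j DROP")  # default deny
    return rules


# Constructed connection profiles: name -> (zone, services opened by the user).
CONNECTIONS = {
    "home-wifi": ("home", {"ssh", "ipp"}),
    "cafe-wifi": ("public", set()),
}


def on_connection_up(interface, connection):
    """Rules to load when `connection` becomes active on `interface`."""
    zone, services = CONNECTIONS[connection]
    return rules_for(interface, zone, services)


if __name__ == "__main__":
    # Same interface, two connections, two different rule sets.
    for conn in ("home-wifi", "cafe-wifi"):
        print(f"# wlan0 carrying {conn}")
        print("\n".join(on_connection_up("wlan0", conn)))
```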

Benefit to Fedora

Scope

How To Test

User Experience

Dependencies

Contingency Plan

Documentation

Release Notes

Comments and Discussion