Skip to content
GitLab

Integration of networks editor in gnome-control-center with Firewalld zones associated with NetworkManager connection

Users can work with multiple connection or roam between different WiFi connections when using a laptop.

If firewalld is available and running, the NetworkManager APIs provide ability to set firewall zone for each configured connection (either at the same moment like VPNs, Docker networks, WiFi + Eth, or in possible different moments like different WiFi connections).

With firewalld being active, one can easily modify the zone of his/her connection by CLI:

nmcli connection modify $connection connection.zone $zone

nm-applet do provide way to modify networks' firewall zone, in the connection editor.

KDE's systemsettings5 too.

However, Gnome settings doesn't provide any facility to set the zones in the connection editor.

I read what stated in gnome-shell#1550 (closed) and network-manager-applet#72 (closed) and understand/agree the decision to close them since having a default zone and modify it manually when needed, could be better.

However, a combo/select in one of the edit connection panels of the gnome-control-center can be helpful whenever a user is configuring his/her network and wants to also set the desired firewall zone to use with that connections.

As anticipated, use cases can be multiple:

  • Different WiFi connections can lay to different level of required security (i.e., home connection can be considered trusted, WiFi at a bar should rather be considered "public" and drop incoming connections to possible enabled services like ssh, samba and so on);
  • A user can connect to one or more VPNs at the same time, and would stay safe to not expose the same services as above to other VPN users;
  • A user can connect, at the same time, to ethernet and wifi connection, like one for maintenance and the other with internet access. Level of trustness may be different.

Proposed Mockups

A ComboBox in the identity would be enough. To my knowledge it's available for any kind of connection that can need this setting.

Development Tasks

I wouldn't make a list since I'm neither a GTK/Gnome developer nor can immediately contribute to this work (also if I would).

QA Tasks

As above

Edited by Alessandro Di Stefano