Matthew Miller wrote: >> I'n wondering if it is possible to have Centos-7 automatically change >> firewall zones, depending on the network we conect to. > The way to do this is changing the zone for the network in > NetworkManager. Are there two different ways of setting firewalld zones, in firewalld and in NetworkManager? Which is taken if they differ? > (This works easily for wifi networks and is kind of a > pain for wired ones, unfortunately, since there's not necessarily a > good way to distinguish.) I don't have a CentOS (or RHEL) desktop and I > don't remember offhand when this hit, but in Fedora, run the > NetworkManager config panel, hit config on a network, and change the > zone on the Security tab. > > Or, put "ZONE=public" or "ZONE=work" or whatever in the ifcfg file for > the network. > > I'm hoping in the future to make this better, but there are actually a > lot of different parts involved so it's hard to get everyone to agree > on the best approach. > > I personally make "public" my default zone, and then add zones that > should be more trusted to networks that should be more open. I find the firewalld definition of "zones" rather confusing. I run shorewall on my home server, and that seems to me to have a much simpler definition of zones. -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin