On Sat, Mar 05, 2011 at 03:20:29PM -0500, Chuck Anderson wrote:
> On Sat, Mar 05, 2011 at 05:55:54PM +0100, Matej Kovacic wrote:
> > Hi,
> >
> > > We've talked about this sort of vague plan in the past, tweaking the
> > > firewall settings based on your location. Obviously that doesn't work
> > > so well for wired because you're never 100% what network you're
> > > connected to, but for wifi if the AP requires a passphrase or is WPA
> > > Enterprise, you're pretty sure you can trust your location.
> > What about arp -a or nmap gateway IP?
>
> Using the MAC address of the gateway as discovered by ARP seems
> reasonable, but nmapping the gateway IP is not. I will ban any device
> on my network that scans the router.
>
> Keep in mind though that sometimes the MAC address might change...like
> various redundancy setups, hardware replacement, etc. It might also
> change if you plug into a different subnet of the same router in the
> same administrative domain (or it might not, depending on the model
> and configuration of the router(s)). That could be useful or not
> depending on your perspective. I suppose that would happen
> infrequently enough that the MAC address is "good enough" for a stable
> LAN identifier. Ideally, the user should be able to pick a location
> such that they could associate the same location with the various
> subnets and/or WiFI SSIDs they connect to that are part of the same
> administrative domain.

More issues: If VRRP or similar protocols are in use, you could have
the same MAC address on different networks in different administrative
domains. Perhaps the key should be a combination of various
parameters, such as subnet address/prefix length, gateway IP, and
gateway MAC.
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
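
The composite key suggested in the message above, sketched as an added example that is not part of the original post and is not NetworkManager code. The function, class and location names ("home", "public") are hypothetical, and the sample addresses are constructed; it shows a shared VRRP virtual MAC no longer colliding across networks while several subnets still map to one user-chosen location.

```python
import hashlib
import ipaddress

def normalize_mac(mac):
    """Canonical lower-case, colon-separated form; rejects malformed input."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def location_key(subnet, gateway_ip, gateway_mac):
    """Composite key: subnet address/prefix length + gateway IP + gateway MAC."""
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway_ip)
    if gw not in net:
        raise ValueError(f"gateway {gw} is outside {net}")
    material = f"{net.with_prefixlen}|{gw}|{normalize_mac(gateway_mac)}"
    return hashlib.sha256(material.encode()).hexdigest()[:16]

class LocationMap:
    """Maps many composite keys to one user-chosen location (hypothetical)."""
    def __init__(self, default="public"):
        self.default = default  # assumed to be the most restrictive profile
        self._by_key = {}

    def associate(self, location, subnet, gateway_ip, gateway_mac):
        self._by_key[location_key(subnet, gateway_ip, gateway_mac)] = location

    def lookup(self, subnet, gateway_ip, gateway_mac):
        # DHCP and ARP are unauthenticated, so a match is a hint, not proof;
        # anything unknown or malformed falls back to the restrictive default.
        try:
            key = location_key(subnet, gateway_ip, gateway_mac)
        except ValueError:
            return self.default
        return self._by_key.get(key, self.default)

# Constructed sample data. 00:00:5e:00:01:01 is the VRRP virtual MAC for
# VRID 1, so unrelated networks can legitimately present it.
VRRP_MAC = "00:00:5E:00:01:01"

def demo():
    locations = LocationMap()
    locations.associate("home", "192.168.1.0/24", "192.168.1.1", VRRP_MAC)
    locations.associate("home", "192.168.2.0/24", "192.168.2.1", "02-00-00-aa-bb-cc")
    return (
        locations.lookup("192.168.1.0/24", "192.168.1.1", "0000.5e00.0101"),
        locations.lookup("192.168.2.0/24", "192.168.2.1", "02:00:00:aa:bb:cc"),
        locations.lookup("10.0.0.0/24", "10.0.0.1", VRRP_MAC),  # same MAC, other LAN
    )
```

Replacing the gateway hardware changes the key, so that network drops to the default location until the user associates it again.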