On 14.05.2022 22:24, Thomas Haller wrote: > Hi, > > > On Sat, 2022-05-14 at 07:38 +0300, Andrei Borzenkov via networkmanager- > list wrote: >>> >>> >>> The background is a security requirement. Unused interfaces must >>> ideally remain disabled at the physical layer when a cable is >>> plugged >>> in. Ideally, the LEDs would also remain dark. >>> >> >> It sounds like >> >> no-auto-default=* >> >> mostly does what you want. > > > that option merely disables that NetworkManager will automatically > generate a profile for ethernet devices, that don't have a profile yet. > Such profiles are called "Wired connection 1", which is how you can > recognize it. > > This does very little magic, you can manually create a profile to the > same effect. In any case, NetworkManager would have already set the > interface IFF_UP at this point -- regardless of "(no-)auto-default". >
Sure, but usual question is - what are the expected threats? Simply having interface up does not hurt anyone (except may be audit company). But having automatic profile on interface allows someone to connect PC with DHCP server and so get known IP address to (attempt to) access the server. This is prevented by no-auto-default. _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
