[Tails-dev] subscribe

Author: slartibartfast
Date:
To: tails-dev
New topics: [Tails-dev] tails-greeter option to allow/forbid communication with the LAN [Was: subscribe]
Subject: [Tails-dev] subscribe
>> Totally agree with you there, it's handy to scp files to/from
>> persistent storage at times so there should be the option of
>> connecting to machines on the lan. Putting that option in the
>> greeter was what I had in mind.
>
> Good. :)
>
>> >The last discussion about this led us to think that we should close
>> >those ports by default, and provide an option in tails-greeter to
>> >allow communication with other hosts on the LAN. This requires a
>> >little bit of work, though.
>> >
>> >As Tails team is overloaded, it would be great if you could help us!
>>
>> I'll take a look at how it's all put together and see if I can
>> contribute something. I'm OK at bash script and a little python, but
>> if the greeter's written in perl my head may asplode!
>
> Good thing then. The code for tails-greeter is far from being nice, but
> it is written in Python. The code that forwards its settings to the
> running system is a shell script. :)
>
> The Git repository can be cloned from:
>
>     git clone git://git.immerda.ch/tails/tails-greeter.git
>
> And viewed from the web at:
>
>     http://git.immerda.ch/?p=tails/tails-greeter.git
>
> The firewall itself currently lies in
> `config/chroot_local-includes/etc/firewall.conf` of the `amnesia.git`
> repository:
>
>     git clone git://git.immerda.ch/amnesia.git
>
> and:
>
>     http://git.immerda.ch/?p=amnesia.git
>
> Please ask any follow-up question on tails-dev@; there is no reason to
> keep that discussion private.
>
> Have fun!


Not sure if this will trigger a subscription or go into a moderation queue
so I'll make it a valid post too, and if a person reads it, add me to the
mailing list.

I'm ignoring GIT and just looking at the live system at this time, I'll
try to make diffs of whatever I develop though.

My notes so far for this. I'm a little confused about the whole
python/glade thing and exactly where options and buttons get put on the
screen. I've only done a tiny amount of python programming and none with a
gui of any sort. The rest seems fairly straightforward though. I'll do a
bit more digging. Just letting you know I'm not much of a programmer and
learning a lot as I go, so expect this to take me several weeks.

tails greeter mod for filter lan option;

Displaying the option happens somewhere in tails-greeter
Basically we want to duplicate 'camouflage' but make it 'firewall_lan'

root@amnesia:/usr/share/tails-greeter# cat /usr/bin/tails-greeter
#!/bin/bash
cd /usr/share/tails-greeter/
/usr/bin/python ./community-greeter.py

Reference to Camouflage_* in
/usr/share/tails-greeter/optionwindows.glade

Settings would get written to /var/lib/gdm3/tails.firewall_lan

Then we make it happen (iptables something something DROP) from
/etc/gdm3/PostLogin/Default

Currently firewall rules are in
/etc/firewall.conf

Probably make the default to drop lan access, and then add/delete a rule
from iptables to allow it if the user wants.
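
The flow outlined in the message above (settings file read at PostLogin, LAN
dropped by default, an ACCEPT rule added or removed on request), as an added
example that is not part of the original post or of the Tails code. The
TAILS_FIREWALL_LAN=allow|deny file format, the OUTPUT chain and the RFC 1918
ranges are assumptions.

```shell
#!/bin/sh
# Added example: turn a greeter setting into LAN firewall rule changes.
# Assumptions (not from the original post): the settings file holds one line
# TAILS_FIREWALL_LAN=allow|deny, "LAN" means the RFC 1918 ranges, and the
# default DROP for those ranges already lives in the base firewall config.

SETTINGS_FILE="${SETTINGS_FILE:-/var/lib/gdm3/tails.firewall_lan}"
LAN_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Print "allow" only on an exact match; a missing, unreadable or malformed
# file fails closed to "deny".
lan_policy() {
    file="$1"
    [ -f "$file" ] && [ -r "$file" ] || { echo deny; return; }
    # Parse instead of sourcing: PostLogin runs as root, and sourcing the
    # file would execute whatever it contains.
    value=$(sed -n 's/^TAILS_FIREWALL_LAN=\(.*\)$/\1/p' "$file" | head -n 1)
    case "$value" in
        allow) echo allow ;;
        *)     echo deny ;;
    esac
}

# Print one iptables argument list per LAN range: insert the ACCEPT rule
# when allowed, delete it otherwise so the default DROP applies again.
lan_rules() {
    policy=$(lan_policy "$1")
    for net in $LAN_RANGES; do
        if [ "$policy" = allow ]; then
            echo "-I OUTPUT -d $net -j ACCEPT"
        else
            echo "-D OUTPUT -d $net -j ACCEPT"
        fi
    done
}

# Dry run unless APPLY=1 is set (needs root). A failed -D only means the
# rule was not present, so it is ignored.
apply_lan_rules() {
    lan_rules "$1" | while read -r args; do
        if [ "${APPLY:-0}" = 1 ]; then
            iptables $args || true
        else
            echo "would run: iptables $args"
        fi
    done
}

apply_lan_rules "$SETTINGS_FILE"
```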