Hi,

intrigeri wrote (01 Nov 2014 23:48:03 GMT) :
> It's likely that quite some more time can be needed until we have
> a full-fledged UI that gives us all we want, and allows us to switch
> to "forbid RFC1918 by default" without breaking too many existing
> use cases. Our UX folks are already busy with the Greeter revamp (that,
> incidentally, might be part of what we need here).
>
> So, a first (baby) step that could allow us to start moving in the
> right direction would be to unconditionally allow access to a specific
> list of ports only.
>
> So, let's start listing use cases.

So, the use cases we've listed are:

* SSH
* downloading from / uploading to an FTP server
* printing a document on a network printer
* going through whatever steps a captive portal asks me to;
  this generally involves DNS and HTTP

I'm tempted to propose a branch for Tails 1.3 that blocks access to
the LAN except to these ports. However, that's blocked by the planned
changes wrt. "web browsing on the LAN":

https://labs.riseup.net/code/issues/8218
https://labs.riseup.net/code/issues/7774
https://labs.riseup.net/code/issues/7976

I've asked sajolida on #8218 to sum up the discussion that has
happened on tails-ux@ about it.

Cheers,
--
intrigeri