nftables: how to self-detect public/private network connection and choose appropriate chains?
by hanserikbusk from LinuxQuestions.org on (#53AZR)
I use my laptop most of the time behind a pfSense firewall; but quite often in more public places connected by wifi or ethernet.
The laptop firewall must of course have different sets of restrictions in the public and private environment, and I want the shift between the two to be automatic.
My private network at home gives the laptop a fixed IP (MAC-based) in the 192.168.*.* net by way of DHCP; that could be used as a reliable and not too unsafe indicator for connection to the private net, and somehow (by dictionaries or maps?) select the more relaxed chain for the private network.
Otherwise the stricter chain should be used.
As I am still quite new with nftables, I would like to know if there is a nicer solution; I feel my idea is a bit too patchy :(
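
The idea described in the post, written out as an nftables ruleset with a verdict map (an added example, not part of the original post). The address in `HOME_ADDR`, the chain names and the allowed ports are constructed placeholders. The match is on the laptop's own address only, so any other network that hands out the same address would also get the relaxed chain.

```nftables
# Added example: constructed values, adjust before use.
define HOME_ADDR = 192.168.1.50   # assumed fixed DHCP lease on the home network

table inet filter {
    # Relaxed rules: reached only for packets addressed to the home lease.
    chain private_in {
        tcp dport 22 accept
        icmp type echo-request accept
    }

    # Strict rules: reached on every other network.
    chain public_in {
        # No unsolicited traffic is accepted here;
        # packets return to the base chain and hit policy drop.
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Verdict map: destination address -> chain to jump to.
        # If no element matches, evaluation continues with the next rule.
        ip daddr vmap { $HOME_ADDR : jump private_in }

        # Default for any other address, and for packets that
        # private_in did not accept.
        jump public_in
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`.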