LinuxQuestions.org
Old 11-22-2005, 09:02 AM   #1
massysett
LQ Newbie
 
Registered: Nov 2005
Location: Silver Spring, Maryland USA
Distribution: SUSE Linux 10.0
Posts: 17

Rep: Reputation: 1
Firewall that automatically changes inbound rules


I have a laptop. When I use it at home, it connects to my WPA wireless router. This is a secure environment (secure enough for my purposes, anyway) and when I'm at home I want my laptop to allow inbound SSH connections so that my desktop can access it.

On the other hand, when I'm using my laptop away from home, I don't want anything to be able to access it.

Is there a firewall that will automatically change inbound permissions based on what wireless access point I am connected to? It would be great if I could say "allow inbound SSH and NFS when I am connected to a wireless access point with this SSID and this WPA password. Otherwise, don't allow anything inbound."
 
Old 11-22-2005, 12:27 PM   #2
genlee
Member
 
Registered: Jul 2003
Distribution: Solaris 8/9, gentoo
Posts: 41

Rep: Reputation: 15
I don't know how well this will work but you could try it. Set up a rule to allow inbound NFS and SSH to whatever network your wireless router uses for DHCP. You could try using an obscure network address on your router so you have less of a chance of having another WAP assign you an IP from that network.
 
Old 11-23-2005, 11:31 AM   #3
massysett
LQ Newbie
 
Registered: Nov 2005
Location: Silver Spring, Maryland USA
Distribution: SUSE Linux 10.0
Posts: 17

Original Poster
Rep: Reputation: 1
Quote:
Originally posted by genlee
I don't know how well this will work but you could try it. Set up a rule to allow inbound NFS and SSH to whatever network your wireless router uses for DHCP. You could try using an obscure network address on your router so you have less of a chance of having another WAP assign you an IP from that network.
Thanks. I've been looking at the iptables documentation. I'm thinking what I'll try is to set up rules that block all incoming traffic unless it comes from a computer with my desktop machine's IP address and MAC address. IP address filtering wouldn't be enough on its own because when I take the laptop on the road, another machine might have the same IP address on the network (192.168.x.x). And of course MACs can be spoofed. But put these two together and I should have a secure setup (combined of course with making sure the SSH and NFS are secure).
 
Old 11-24-2005, 10:31 AM   #4
massysett
LQ Newbie
 
Registered: Nov 2005
Location: Silver Spring, Maryland USA
Distribution: SUSE Linux 10.0
Posts: 17

Original Poster
Rep: Reputation: 1
Alright, so I wrote a script and it seems to work pretty well. I've got the source code here if you need a similar setup:

http://www.smileystation.com/laptopwall.php
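
The rule set described in post #3 (drop everything inbound unless it comes from the desktop's IP address and MAC address), as an added example; it is not massysett's script from the link above. The function names, the port list (SSH on 22, NFSv4 on 2049 only) and the sample address and MAC are assumptions.

```shell
#!/bin/sh
# Added example (not the thread author's script): emit an iptables-restore
# ruleset that drops all inbound traffic except SSH and NFS from one trusted
# host, matched on source IP and source MAC together.
# Assumptions: NFSv4 on TCP 2049 only; the address and MAC in the usage line
# are constructed sample values.

valid_ipv4() {
    # Digits and dots only (rejects spaces/newlines), then four octets <= 255.
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_mac() {
    # Hex digits and colons only, then six colon-separated byte pairs.
    case $1 in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

laptopwall_rules() {
    ip=$1
    mac=$2
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    # Default-drop INPUT; replies to the laptop's own outbound traffic are
    # allowed by the ESTABLISHED,RELATED rule. Both source values can be set
    # by another host on the same segment, so SSH/NFS authentication still
    # has to hold on its own.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $ip -m mac --mac-source $mac -p tcp -m multiport --dports 22,2049 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage (as root): laptopwall_rules 192.168.1.10 00:11:22:33:44:55 | iptables-restore
```

Because the MAC match only works for hosts on the same link, the accept rule never matches traffic that has crossed a router, whatever source IP it carries.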
 
  

