Hey Bill,
I think your original problem is getting “lost in translation”.
If I understood it correctly, you have one laptop which you would like to:
CONDITION A - WHEN AT HOME
- automatically connect to the home network
- enable file and print sharing to a restricted number of PCs
CONDITION B - WHEN AWAY FROM HOME
- automatically connect to the “away from home” network
- disable file and print sharing absolutely
and you would like this done without you having to change anything.
If this is correct, then, AFAIK, it can’t be done without you having to change something for the following reasons:
You are dealing with two disparate environments - the home network and the “not at home” network. You can control the network parameters of the home network, but the parameters of the “not at home” network are beyond your control.
As such, we can modify the DHCP address allocation range of the home network to a relatively uncommon range (this is needed to more clearly differentiate between the home network and the “not at home” network), ensure that it is only going to allocate addresses for the exact number of machines that we want to connect to the home network and then create a tight ruleset that allows file sharing to take place only from specific addresses within the relatively uncommon home network DHCP range and blocks file sharing from all other IP addresses.
Assuming that this has been done, when the laptop goes to the “not at home” network, if it is allocated an IP that is not in the same address range as the home network (and therefore the other PCs on the “not at home” network would also be in this “not at home” address range), the tight file sharing rule that referred to addresses specific to the home network would block file sharing access.
If, on the other hand, when the laptop goes to the “not at home” network and it is allocated an IP address in the same address range used for the home network, then our tight rule will only allow file sharing to occur between our laptop and the specific IPs nominated in our rule.
EXAMPLE
Router IP : 172.31.252.252
Router DHCP allocation range : 172.31.252.248 - 172.31.252.251
Laptop IP : (DHCP assigned) 172.31.252.251 (only want to share files with PC#1)
PC #1 IP : (DHCP assigned) 172.31.252.250
PC #2 IP : (DHCP assigned) 172.31.252.249
PC #3 IP : (DHCP assigned) 172.31.252.248
In the CFP network monitor running on the laptop, we need to have a zone defined as 172.31.252.248 to 172.31.252.252. This is to try and get our home network out of the way, as much as possible, of the normally assigned address ranges. We then need to add a rule that allows port 137 and 138 traffic from PC#1 (you would need to find out the host name or computer name first - we need to use names as the actual address could change from machine to machine). We then need to have another rule that explicitly blocks the file sharing traffic from any name other than the name used to allow the traffic to PC#1.
The only time this would come unstuck is if the “not at home” network was using the same address range as the home network. In this case, your laptop would be shareable with one other IP address on the “not at home” network (providing it had the same “name” as the home network PC), assuming the two rules outlined above had been set up. A small risk, but a risk nonetheless.
Other than this method, you will have to change something, like manually disabling sharing. Like it or not, to make an omelette, you have to break a few eggs. You are moving between a semi-trusted network and an untrusted network and your firewall can’t be expected to just “know” when you are at home and when you are not.
Hope this helps,
Ewen
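Added example, not from Ewen's post or from CFP itself: a small Python model of the zone plus allow/block rules described above, run against constructed scenarios, including the "same address range, same name" case where the ruleset comes unstuck. The zone and ports come from the post's figures; the computer name "PC1" and the name table (standing in for the firewall's name resolution) are assumptions.

```python
# Toy model of the three-part ruleset from the post (not Comodo's code).
# Zone and ports are from the post's example; the name "PC1" and the
# name_table used for resolution are assumptions for illustration.
import ipaddress

# Zone from the post: 172.31.252.248 to 172.31.252.252 (router included).
ZONE_START = ipaddress.ip_address("172.31.252.248")
ZONE_END = ipaddress.ip_address("172.31.252.252")
FILE_SHARING_PORTS = {137, 138}   # the NetBIOS ports named in the post
ALLOWED_PEER_NAME = "PC1"         # hypothetical computer name of PC#1


def in_home_zone(ip: str) -> bool:
    """Zone check: is the peer inside the deliberately uncommon home range?"""
    addr = ipaddress.ip_address(ip)
    return ZONE_START <= addr <= ZONE_END


def evaluate(src_ip: str, dst_port: int, name_table: dict) -> str:
    """Allow rule then block rule, as in the post.
    Returns 'allow', 'block', or 'other' (traffic the ruleset does not cover)."""
    if dst_port not in FILE_SHARING_PORTS:
        return "other"
    peer_name = name_table.get(src_ip)   # what name resolution reports for this IP
    if in_home_zone(src_ip) and peer_name == ALLOWED_PEER_NAME:
        return "allow"   # allow rule: the named PC#1, inside the zone
    return "block"       # block rule: every other name, home PCs included


# Constructed scenarios: (description, source IP, destination port, name table)
SCENARIOS = [
    ("home, PC#1", "172.31.252.250", 137, {"172.31.252.250": "PC1"}),
    ("home, PC#2", "172.31.252.249", 138, {"172.31.252.249": "PC2"}),
    ("away, ordinary range", "192.168.1.23", 137, {"192.168.1.23": "PC1"}),
    ("away, same range, other name", "172.31.252.250", 137, {"172.31.252.250": "SOMEONE"}),
    ("away, same range AND same name", "172.31.252.250", 137, {"172.31.252.250": "PC1"}),
    ("web traffic, not covered", "172.31.252.249", 80, {}),
]


def run_scenarios() -> dict:
    """Evaluate every scenario; the fifth one is the residual risk from the post."""
    return {desc: evaluate(ip, port, table) for desc, ip, port, table in SCENARIOS}


if __name__ == "__main__":
    for desc, verdict in run_scenarios().items():
        print(f"{desc:32} -> {verdict}")
```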