>>>>> "Geoff" == Geoff Thurman <[EMAIL PROTECTED]> writes:

[...]

Geoff> The snag is, it appears to me to be impossible. Checking
Geoff> /etc/cups/cupsd.conf, I found the place where port 631 is
Geoff> allocated, but commenting this out prevents CUPS from
Geoff> working. Changing it to 'Listen hostname' (as listed in
Geoff> cupsd.conf) is no better. In both cases, trying to print produced
Geoff> the error message 'Connection to CUPS server failed. Check that
Geoff> CUPS is correctly installed.'

"Listen 127.0.0.1:631" will make it listen only on the loopback
interface, so it won't be accessible from the outside.  So a portscan
from the outside (w/o Shorewall), will not detect the open port.

[...]

Geoff> <Location />
Geoff> Order Deny, Allow
Geoff> Deny from all
Geoff> Allow from 127.0.0.1
Geoff> </Location>

Geoff> Now, this is what is already set up, but netstat still shows
Geoff> cupsd as LISTENING.

Yup.  The "Allow from ..."/"Deny from ..." only limits accesses after
they try to connect, and is just another layer of security.

BTW, remember that a portscan from your own host is not very useful.
Portscan yourself from another host.

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
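
An added example (not part of the original message): a small Python check that reads a cupsd.conf and reports the Listen/Port lines that bind beyond loopback. It ignores the <Location> rules on purpose because, as the reply says, those only apply after a connection is made. The sample configuration and function names are constructed for illustration, and treating "localhost" as loopback is an assumption.

```python
import ipaddress
import re

# Constructed sample: the access rules from the thread plus a wildcard Port line.
SAMPLE_CONF = """\
# cupsd.conf (constructed sample)
Port 631
Listen 127.0.0.1:631
Listen /var/run/cups/cups.sock
<Location />
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
"""

def is_loopback_listener(directive, value):
    """True if this Listen/Port line binds only to loopback or a local socket."""
    if directive == "port":
        return False                 # "Port N" binds every interface
    if value.startswith("/"):
        return True                  # Unix domain socket, no network exposure
    host = value
    if value.startswith("["):        # bracketed IPv6, e.g. [::1]:631
        host = value[1:value.index("]")]
    elif value.count(":") == 1:      # host:port
        host = value.split(":")[0]
    if host.lower() == "localhost":  # assumption: localhost resolves to loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                 # "*", hostnames, bare ports: treat as exposed

def exposed_listeners(conf_text):
    """Return (lineno, line) for each Listen/Port line reachable from other hosts."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)(listen|port)\s+(\S+)$", line)
        if m and not is_loopback_listener(m.group(1).lower(), m.group(2)):
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, line in exposed_listeners(SAMPLE_CONF):
        print(f"line {lineno}: '{line}' accepts connections from other hosts")
```

An empty result means every listener is loopback-only or a local socket; a scan from another host is still the way to confirm it.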
