Re: Closing port 631 from other computers

2014-11-03 Thread Ed Greshko
On 11/03/14 14:58, Jarmo Hurri wrote: > The only semi-rational explanation I have for this at the moment is that > internally my LAN address 10.13.3.247 maps to localhost.localdomain, so > maybe connecting to 10.13.3.247 with nmap bypasses the firewall? Yes. You can't check the firewall of a syst

Re: Closing port 631 from other computers

2014-11-02 Thread Jarmo Hurri
Tim writes: > As others have said, you can reconfigure CUPS so that it doesn't listen > to the outside world. > > As they haven't said, yet, I consider this to be the better approach. > Rather than rely on something else (a firewall) to get in the way, > configure services to be more secure, in

Re: Closing port 631 from other computers

2014-11-02 Thread Jarmo Hurri
>> >> [jarmo@localhost ~]$ firewall-cmd --get-active-zones >> public >> interfaces: em1 >> >> [jarmo@localhost ~]$ firewall-cmd --zone=public --list-ports >> >> [jarmo@localhost ~]$ firewall-cmd --zone=public --list-all >>

Re: Closing port 631 from other computers

2014-11-01 Thread Heinz Diehl
On 31.10.2014, Ed Greshko wrote: > Listen localhost:631 Which in fact is the Fedora default.. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.o

Re: Closing port 631 from other computers

2014-10-31 Thread Tim
On Fri, 2014-10-31 at 11:34 +0200, Jarmo Hurri wrote: > After the recent security incidents I am trying to increase the security > of my computer by closing unnecessary ports from outside world. > > The only listening port in my system right now is port 631 (ipp), as > "lsof -i | grep -i listen" r

Re: Closing port 631 from other computers

2014-10-31 Thread Joe Zeff
On 10/31/2014 02:34 AM, Jarmo Hurri wrote: I tried disabling cups services, but then printing stopped working. What else do you expect when you disable the printing service? So ok, I need a connection from my computer to port 631 for printing. But that port should be closed from all other co

Re: Closing port 631 from other computers

2014-10-31 Thread Markus Schönhaber
Am 31.10.2014 um 10:34 schrieb Jarmo Hurri: > So I must be doing something wrong. My questions are: > > 1. Have I diagnosed the situation correctly? Is port 631 really open to >the outside world? Probably. > 2. If port 631 is open, why can I not close it using firewalld? You're very likely

Re: Closing port 631 from other computers

2014-10-31 Thread Ed Greshko
On 10/31/14 18:09, Jarmo Hurri wrote: > Ed Greshko writes: >> cupsd 2349 root 10u IPv4 37790 0t0 TCP *:ipp (LISTEN) >> Does indicate that it is listening on all interfaces. You can prevent >> this by editing your /etc/cups/cupsd.conf to contain the line >> Listen localhost:631 >> Which will r

Re: Closing port 631 from other computers

2014-10-31 Thread Jarmo Hurri
Ed Greshko writes: > cupsd 2349 root 10u IPv4 37790 0t0 TCP *:ipp (LISTEN) > Does indicate that it is listening on all interfaces. You can prevent > this by editing your /etc/cups/cupsd.conf to contain the line > Listen localhost:631 > Which will result in > cupsd 2377 root 11u IP

Re: Closing port 631 from other computers

2014-10-31 Thread Ed Greshko
On 10/31/14 17:34, Jarmo Hurri wrote: > Greetings. > > After the recent security incidents I am trying to increase the security > of my computer by closing unnecessary ports from outside world. > > The only listening port in my system right now is port 631 (ipp), as > "lsof -i | grep -i listen" rep

Closing port 631 from other computers

2014-10-31 Thread Jarmo Hurri
Greetings. After the recent security incidents I am trying to increase the security of my computer by closing unnecessary ports from outside world. The only listening port in my system right now is port 631 (ipp), as "lsof -i | grep -i listen" reports: **