Hello:
I am noticing that when I install a printer on my local network, I get
an entry added to iptables to the effect of:
+++
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
+++
It actually shows up multiple times, which makes it look like each time
I reinstalled the printer to get things right it did an automatic entry
without bothering to check if it was already there.
Everything I can find online makes it sound like this is "to be
expected". However, I am seeing examples of manual additions of this
rule adding a "-s 127.0.0.1". I take this to mean that it limits the
request to "coming from my machine".
Is this a good idea or even necessary? My knowledge of iptables (very
limited but getting better) thinks that the default rule allows any
source addr or destin addr and the only limitation is that it is
restricted to port 631. It would seem that if I wanted to really limit
it, I would make the source addr myself/machine and the destin addr
limited to my LAN (192.168.2.*) --- I'm still searching my notes from
this list for the proper syntax as I know I have been emailed that before.
Am I understanding all this correctly?
Thanks in advance,
Paul
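
Added example, not part of the original message: a shell sketch that audits a rule listing for the two things raised above, repeated port 631 entries and ACCEPT rules with no source match, and rewrites them with a source restriction. In iptables, -s matches the sender of the packet, so on the INPUT chain a LAN limit is written as a source match. The sample rules are constructed, and 192.168.2.0/24 is an assumed CIDR form of the 192.168.2.* LAN mentioned in the message.

```shell
#!/bin/sh
# Constructed sample in iptables-save format; not taken from a real host.
SAMPLE_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Print one copy of every rule that appears more than once.
duplicate_rules() {
    printf '%s\n' "$1" | sort | uniq -d
}

# Print ACCEPT rules for destination port $2 that carry no source match.
open_port_rules() {
    printf '%s\n' "$1" | awk -v port="$2" '{
        hit = 0; scoped = 0; accept = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport" && $(i + 1) == port) hit = 1
            if ($i == "-s" || $i == "--source") scoped = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (hit && accept && !scoped) print
    }'
}

# Add "-s $3" to each unscoped ACCEPT rule for port $2, then drop exact
# repeats, keeping the first occurrence so rule order is preserved.
tighten_rules() {
    printf '%s\n' "$1" | awk -v port="$2" -v lan="$3" '{
        hit = 0; scoped = 0; accept = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport" && $(i + 1) == port) hit = 1
            if ($i == "-s" || $i == "--source") scoped = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (hit && accept && !scoped) $2 = $2 " -s " lan
        if (!seen[$0]++) print
    }'
}

# Demo on the constructed sample: three port 631 rules collapse into one.
tighten_rules "$SAMPLE_RULES" 631 192.168.2.0/24
```

To audit a live host, pass the output of iptables-save (run as root) as the first argument instead of SAMPLE_RULES.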