Re: Closing port 631 from other computers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2014-10-31 at 11:34 +0200, Jarmo Hurri wrote:
> After the recent security incidents I am trying to increase the security
> of my computer by closing unnecessary ports from outside world.
> 
> The only listening port in my system right now is port 631 (ipp), as
> "lsof -i | grep -i listen" reports:
> 
> ************************************************************************
> cupsd     2349   root   10u  IPv4  37790      0t0  TCP *:ipp (LISTEN)
> cupsd     2349   root   11u  IPv6  37791      0t0  TCP *:ipp (LISTEN)
> ************************************************************************
> 
> I tried disabling cups services, but then printing stopped working.

Naturally...

> So ok, I need a connection from my computer to port 631 for
> printing. But that port should be closed from all other computers. At
> the moment it is open to the outside world

As others have said, you can reconfigure CUPS so that it doesn't listen
to the outside world.

As they haven't said, yet, I consider this to be the better approach.
Rather than rely on something else (a firewall) to get in the way,
configure services to be more secure, in themselves.

I can run without a firewall, at all, simply because I don't have things
listening to the world on my systems.  I don't, because I'd rather have
two things looking after me, than just one.  But it's mostly pointless.

-- 
tim@localhost ~]$ uname -rsvp

Linux 3.16.6-203.fc20.i686 #1 SMP Sat Oct 25 13:08:51 UTC 2014 i686

All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux