On 12/3/20 1:11 AM, Tim via users wrote:
Tim:
All normal stuff, although they're listening to any address, rather
than only listening to local addresses. That could be tightened up
for some things, at least. I see no reason for CUPS to listen
outside of your LAN, for instance.
Samuel Sieb:
I assume you're referring to the lines like this:
tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
That foreign address is just a placeholder. Nothing is actually
connected. The process is listening for a connection and will
accept one from anywhere. It's up to the firewall to restrict that.
Yes, but in my opinion, that's a shit way to do things. CUPS is
*probably* not such an issue, but other things are more risky. It's
not so much a placeholder, as a wildcard (this interface accepts
connections from anywhere).
I don't know what you're trying to say here. There is no way to change
that placeholder. You can't tell a network socket to only accept
connections from certain addresses. That is the purpose of the
firewall, nothing else. Of course the application can accept the
connection, see that the address is not one it wants to handle and then
close it, but that's different than what you're saying.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx