Once upon a time, Bill Nottingham <notting@xxxxxxxxxx> said:
> Chris Adams (cmadams@xxxxxxxxxx) said:
> > > a) binds to a local unprivileged UDP port
> > > b) sends a broadcast SNMP request
> > > c) listens for (unicast) responses to that request
> > >
> > > We don't hear any of those responses because they are not recognised as
> > > "related" by the kernel. The iptables rules drop them.
> > >
> > > If the CUPS snmp backend could say to "the firewall", "hey, please allow
> > > responses on this port I've got for the next few seconds" -- which can
> > > be controlled using PolicyKit -- then this network discovery would
> > > finally work.
> >
> > Congrats, you have re-invented UPnP, although a local-only version
> > maybe (not that I think that is necessarily a bad thing).
>
> I could be wrong, but I'd guess that any SNMP implementation probably
> predates UPnP by a good bit.

Oh yeah, that's not what I meant. I meant the "daemon needs to notify
firewall of temporary change" mechanism is not a new requirement. UPnP
may not be the best way of doing that, but it would probably be better
to implement that for this kind of thing, rather than re-invent the
wheel.

--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
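
The dropped-reply problem and the time-limited opening discussed in this thread, as an added example that is not part of the original message or of any project's code: a simplified Python model of UDP state tracking (not netfilter itself). The `open_pinhole` request, the addresses and the port numbers are hypothetical.

```python
from dataclasses import dataclass, field

SNMP_PORT = 161

@dataclass
class Firewall:
    """Simplified model of UDP state tracking; not netfilter code."""
    # Reply tuples expected for tracked flows: (src_ip, src_port, dst_ip, dst_port)
    tracked: set = field(default_factory=set)
    # Hypothetical temporary openings: local UDP port -> expiry time in seconds
    pinholes: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Track an outgoing datagram; the expected reply is the inverted tuple."""
        self.tracked.add((dst_ip, dst_port, src_ip, src_port))

    def open_pinhole(self, local_port, now, ttl):
        """Hypothetical daemon request: accept datagrams to local_port until now + ttl."""
        self.pinholes[local_port] = now + ttl

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return (verdict, reason) for an incoming datagram."""
        if (src_ip, src_port, dst_ip, dst_port) in self.tracked:
            return "ACCEPT", "matches tracked flow"
        expiry = self.pinholes.get(dst_port)
        if expiry is not None and now <= expiry:
            # Broader than a tracked flow: any sender may reach this port until expiry.
            return "ACCEPT", "temporary pinhole"
        self.pinholes.pop(dst_port, None)  # drop an expired opening, if any
        return "DROP", "no matching state"

def demo():
    # Constructed sample values (documentation address range, arbitrary port).
    host, bcast, printer, sport = "192.0.2.10", "192.0.2.255", "192.0.2.50", 40000
    fw = Firewall()
    fw.outbound(host, sport, bcast, SNMP_PORT)  # steps a) and b)
    # Step c): the printer answers from its own address, so the tuple does not match.
    no_pinhole = fw.inbound(printer, SNMP_PORT, host, sport, now=1.0)
    fw.open_pinhole(sport, now=1.0, ttl=3.0)
    in_window = fw.inbound(printer, SNMP_PORT, host, sport, now=2.0)
    after_expiry = fw.inbound(printer, SNMP_PORT, host, sport, now=10.0)
    return no_pinhole, in_window, after_expiry

if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

The model keys the opening on the local port only, so it also shows the trade-off of such a mechanism: during the window the port is reachable by any sender, which is why the expiry matters.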