On Thursday 2008-08-14 21:35, Grant Taylor wrote: > On 8/14/2008 1:51 PM, Stephen Isard wrote: > >> I'm wondering whether there are iptables rules that will permit >> cups snmp printer discovery to operate without creating a serious >> security risk. > > I wonder if you could not use the "recent" match extension to > ""remember when a cups broadcast has gone through. Nope that would not work because the source and destination addresses are flipped on return packets, and then you even have the .255 thing. That smells like a feature request - me to the rescue! (I think that would be much preferable over having a ton of connection helpers) -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
