CUPS on a standalone: turn off port 631 how?

• Previous message: Mark Ferlatte: "Re: Bind 9 chroot now slave/tmp- failed"
• Next in thread: Hubert Chan: "Re: CUPS on a standalone: turn off port 631 how?"
• Reply: Hubert Chan: "Re: CUPS on a standalone: turn off port 631 how?"
• Reply: Vineet Kumar: "Re: CUPS on a standalone: turn off port 631 how?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: debian-user@lists.debian.org
Date: Mon, 15 Sep 2003 19:24:08 +0200

Hello all.

I'm a novice, so if this is all nonsense or I'm missing something easy
please forgive me.

I'm still using more or less what I installed from Knoppix 3.2, with
which I am happy enough. When I first did the installation I closed all
open ports apart from 631 - the one used by CUPS. The security howto
advises to close this one as well, but I couldn't work out how to do
this - and I still cannot. I am behind Shorewall, but on first
principles I want that port closed.

The snag is, it appears to me to be impossible. Checking
/etc/cups/cupsd.conf, I found the place where port 631 is allocated,
but commenting this out prevents CUPS from working. Changing it to
'Listen hostname' (as listed in cupsd.conf) is no better. In both
cases, trying to print produced the error message 'Connection to CUPS
server failed. Check that CUPS is correctly installed.'

Googling, I found more advice to close 631 if you have no LAN, but no
explanation of how to do it. There was, however, advice on setting up a
network, and this said that the following (default) Location section in
cupsd.conf allows no access that does not originate from your own
computer:

<Location/>
Order Deny, Allow
Deny from all
Allow from 127.0.0.1
</Location>

Now, this is what is already set up, but netstat still shows cupsd as
LISTENING. So is it the case, as it now seems to me, that CUPS must
have a port open to work, LAN or no LAN, but that it can still block
access even so? And doesn't this mean that my computer is attracting
attention like the well-lit window of a closed store? Or it will be if
Shorewall fails. Or is there in fact a way to close the port?

Again, sorry if this is all nonsense, or if I'm missing something
obvious.

Geoff

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Mark Ferlatte: "Re: Bind 9 chroot now slave/tmp- failed"
• Next in thread: Hubert Chan: "Re: CUPS on a standalone: turn off port 631 how?"
• Reply: Hubert Chan: "Re: CUPS on a standalone: turn off port 631 how?"
• Reply: Vineet Kumar: "Re: CUPS on a standalone: turn off port 631 how?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]