Closing port 631 from other computers
Tim
ignored_mailbox at yahoo.com.au
Sat Nov 1 06:01:43 UTC 2014
On Fri, 2014-10-31 at 11:34 +0200, Jarmo Hurri wrote:
> After the recent security incidents I am trying to increase the security
> of my computer by closing unnecessary ports from outside world.
>
> The only listening port in my system right now is port 631 (ipp), as
> "lsof -i | grep -i listen" reports:
>
> ************************************************************************
> cupsd 2349 root 10u IPv4 37790 0t0 TCP *:ipp (LISTEN)
> cupsd 2349 root 11u IPv6 37791 0t0 TCP *:ipp (LISTEN)
> ************************************************************************
>
> I tried disabling cups services, but then printing stopped working.
Naturally...
> So ok, I need a connection from my computer to port 631 for
> printing. But that port should be closed from all other computers. At
> the moment it is open to the outside world
As others have said, you can reconfigure CUPS so that it doesn't listen
to the outside world.
As they haven't said, yet, I consider this to be the better approach.
Rather than rely on something else (a firewall) to get in the way,
configure services to be more secure, in themselves.
I can run without a firewall, at all, simply because I don't have things
listening to the world on my systems. I don't, because I'd rather have
two things looking after me, than just one. But it's mostly pointless.
--
tim at localhost ~]$ uname -rsvp
Linux 3.16.6-203.fc20.i686 #1 SMP Sat Oct 25 13:08:51 UTC 2014 i686
All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.
George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.
More information about the users
mailing list