Ed Greshko <ed.greshko(a)greshko.com> writes:
cupsd 2349 root 10u IPv4 37790 0t0 TCP *:ipp (LISTEN)
Does indicate that it is listening on all interfaces. You can prevent
this by editing your /etc/cups/cupsd.conf to contain the line....
Listen localhost:631
Which will result in
cupsd 2377 root 11u IPv4 29156 0t0 TCP localhost:ipp (LISTEN)
If you do only that, the port will remain "open" but nobody outside of
your system will be able to communicate.
I'll try this.
Next, please note that iptables.service is different from and
separate
to firewalld.service. So, forget about it.
I know, I just wanted to show that iptables is *not* running.
Also, you can use firewall-config to manage basic firewalld setting
from a GUI. To close the port you'd uncheck "ipp" .... kind of
obvious. Now, the kicker is that there are multiple zones and you
should check to ensure your network interface is tied to the zone you
are changing.
The thing is, ipp is not checked in *any* interface. This is also shown
in the outputs I gave earlier:
************************************************************************
[jarmo@localhost ~]$ firewall-cmd --get-active-zones
public
interfaces: em1
[jarmo@localhost ~]$ firewall-cmd --zone=public --list-ports
[jarmo@localhost ~]$ firewall-cmd --zone=public --list-all
public (default, active)
interfaces: em1
sources:
services: dhcpv6-client mdns
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
************************************************************************
These also show that my active interface is in public zone, and ipp is
not enabled. So I still do not understand how the port can be open.
Jarmo