On 12/3/20 1:11 AM, Tim via users wrote:
Tim:
All normal stuff, although they're listening to any address, rather than only listening to local addresses. That could be tightened up for some things, at least. I see no reason for CUPS to listen outside of your LAN, for instance.
Samuel Sieb:
I assume you're referring to the lines like this:
tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
That foreign address is just a placeholder. Nothing is actually connected. The process is listening for a connection and will accept one from anywhere. It's up to the firewall to restrict that.
Yes, but in my opinion, that's a shit way to do things. CUPS is *probably* not such an issue, but other things are more risky. It's not so much a placeholder, as a wildcard (this interface accepts connections from anywhere).
I don't know what you're trying to say here. There is no way to change that placeholder. You can't tell a network socket to only accept connections from certain addresses. That is the purpose of the firewall, nothing else. Of course the application can accept the connection, see that the address is not one it wants to handle and then close it, but that's different than what you're saying.
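The distinction discussed in this thread, between the local address a daemon binds to and the foreign-address column of a LISTEN line, can be checked mechanically. The following is an added example, not part of the original messages: it classifies each listener by its local bind address and extends the thread's IPv4 case to IPv6. The function names are hypothetical, and every sample line is constructed except the cupsd line quoted above.

```python
import ipaddress

# Constructed sample in `netstat -tlpe` layout; only the first line is quoted in the thread.
SAMPLE = """\
tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN postgres 31001 1203/postgres
tcp 0 0 192.168.1.10:22 0.0.0.0:* LISTEN root 20111 880/sshd
tcp6 0 0 :::80 :::* LISTEN root 25002 1500/httpd
tcp6 0 0 ::1:631 :::* LISTEN root 22448 947/cupsd
"""

def classify(addr):
    """Return how widely a local bind address accepts connections."""
    addr = addr.strip("[]")
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "name"  # hostname shown because netstat ran without -n
    if ip.is_unspecified:      # 0.0.0.0 or :: means every local interface
        return "wildcard"
    if ip.is_loopback:         # 127.0.0.0/8 or ::1, reachable only from this host
        return "loopback"
    return "specific"          # bound to one interface address

def parse_listeners(text):
    """Parse LISTEN lines into dicts keyed by the local (not foreign) address."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[5] != "LISTEN":
            continue
        # rsplit keeps IPv6 colons in the host part: ':::80' -> ('::', '80')
        host, port = f[3].rsplit(":", 1)
        rows.append({"proto": f[0], "bind": host, "port": port,
                     "scope": classify(host),
                     "program": f[8] if len(f) > 8 else "?"})
    return rows

def wildcard_listeners(text):
    """Listeners that rely on the firewall alone to limit who can connect."""
    return [r for r in parse_listeners(text) if r["scope"] == "wildcard"]

if __name__ == "__main__":
    for r in parse_listeners(SAMPLE):
        print(f'{r["program"]:<16} {r["bind"]}:{r["port"]:<6} {r["scope"]}')
```
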