Firewall

Chris Adams cmadams at hiwaay.net
Tue Dec 7 14:36:17 UTC 2010


Once upon a time, Tim Waugh <twaugh at redhat.com> said:
> When I ask CUPS for a list of network printers, it runs the backends
> in /usr/lib/cups/backend.  One of those is /usr/lib/cups/backend/snmp,
> which:
> 
> a) binds to a local unprivileged UDP port
> b) sends a broadcast SNMP request
> c) listens for (unicast) responses to that request
> 
> We don't hear any of those responses because they are not recognised as
> "related" by the kernel.  The iptables rules drop them.
> 
> If the CUPS snmp backend could say to "the firewall", "hey, please allow
> responses on this port I've got for the next few seconds" -- which can
> be controlled using PolicyKit -- then this network discovery would
> finally work.

Congrats, you have re-invented UPnP, although a local-only version
maybe (not that I think that is necessarily a bad thing).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
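
The drop described in the quoted message, modeled as an added example that is not part of the original thread or of CUPS or netfilter code: a stateful filter records the inverse of each outbound tuple as the only reply it will treat as established, so a unicast answer to a broadcast request never matches. The addresses, the ephemeral port and all class and function names are constructed for illustration, and the model ignores timeouts and protocol numbers.

```python
"""Simplified model of stateful UDP tracking (constructed example)."""
from collections import namedtuple

# A flow as connection tracking sees it: source and destination endpoints.
FlowTuple = namedtuple("FlowTuple", "src sport dst dport")

SNMP_PORT = 161
# Constructed addresses from a documentation range; not taken from the thread.
HOST = "192.0.2.10"
BROADCAST = "192.0.2.255"
PRINTER = "192.0.2.50"


class ConnTrack:
    """Tracks outbound UDP flows and classifies inbound packets."""

    def __init__(self):
        self.expected_replies = set()

    def outbound(self, pkt):
        # The expected reply is the exact inverse of the original tuple.
        self.expected_replies.add(
            FlowTuple(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def classify(self, pkt):
        return "ESTABLISHED" if pkt in self.expected_replies else "NEW"


def filter_input(ct, pkt):
    """Host policy assumed here: accept replies to tracked flows, drop the rest."""
    return "ACCEPT" if ct.classify(pkt) == "ESTABLISHED" else "DROP"


def discovery_verdict(request_dst, responder):
    """Send one SNMP request from an ephemeral port and return the verdict
    the filter gives to the response sent by `responder`."""
    ct = ConnTrack()
    sport = 40000  # constructed ephemeral port
    ct.outbound(FlowTuple(HOST, sport, request_dst, SNMP_PORT))
    reply = FlowTuple(responder, SNMP_PORT, HOST, sport)
    return filter_input(ct, reply)


if __name__ == "__main__":
    # Request sent straight to the printer: the reply matches the inverse tuple.
    print("unicast request   ->", discovery_verdict(PRINTER, PRINTER))
    # Request sent to broadcast: the reply's source is not the broadcast address.
    print("broadcast request ->", discovery_verdict(BROADCAST, PRINTER))
```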

