Closing port 631 from other computers

Tim ignored_mailbox at
Sat Nov 1 06:01:43 UTC 2014

On Fri, 2014-10-31 at 11:34 +0200, Jarmo Hurri wrote:
> After the recent security incidents I am trying to increase the security
> of my computer by closing unnecessary ports from outside world.
> The only listening port in my system right now is port 631 (ipp), as
> "lsof -i | grep -i listen" reports:
> ************************************************************************
> cupsd     2349   root   10u  IPv4  37790      0t0  TCP *:ipp (LISTEN)
> cupsd     2349   root   11u  IPv6  37791      0t0  TCP *:ipp (LISTEN)
> ************************************************************************
> I tried disabling cups services, but then printing stopped working.


> So ok, I need a connection from my computer to port 631 for
> printing. But that port should be closed from all other computers. At
> the moment it is open to the outside world

As others have said, you can reconfigure CUPS so that it doesn't listen
to the outside world.

As they haven't said, yet, I consider this to be the better approach.
Rather than rely on something else (a firewall) to get in the way,
configure services to be more secure, in themselves.

I can run without a firewall, at all, simply because I don't have things
listening to the world on my systems.  I don't, because I'd rather have
two things looking after me, than just one.  But it's mostly pointless.

tim at localhost ~]$ uname -rsvp

Linux 3.16.6-203.fc20.i686 #1 SMP Sat Oct 25 13:08:51 UTC 2014 i686

All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.

More information about the users mailing list