Closing port 631 from other computers
Jarmo Hurri
jarmo.hurri at iki.fi
Fri Oct 31 09:34:14 UTC 2014
Greetings.
After the recent security incidents I am trying to increase the security
of my computer by closing unnecessary ports to the outside world.
The only listening port in my system right now is port 631 (ipp), as
"lsof -i | grep -i listen" reports:
************************************************************************
cupsd 2349 root 10u IPv4 37790 0t0 TCP *:ipp (LISTEN)
cupsd 2349 root 11u IPv6 37791 0t0 TCP *:ipp (LISTEN)
************************************************************************
I tried disabling the cups services, but then printing stopped working.
So OK, I need a connection from my computer to port 631 for
printing. But that port should be closed to all other computers. At
the moment it is open to the outside world (10.13.3.247 is the address
of my computer on the LAN):
************************************************************************
[jarmo at localhost ~]$ nmap -sT 10.13.3.247
Nmap scan report for 10.13.3.247
Not shown: 999 closed ports
PORT STATE SERVICE
631/tcp open ipp
************************************************************************
I tried to close the port using firewalld. But the port does not seem to
be open, and the firewall cannot close it. I can freely open a telnet
connection to the port. The first commands show that firewalld is
running and iptables is not.
************************************************************************
[jarmo at localhost ~]$ systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Fri 2014-10-31 07:27:45 EET; 3h 58min ago
[jarmo at localhost ~]$ systemctl status iptables.service
iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
[jarmo at localhost ~]$ firewall-cmd --state
running
[jarmo at localhost ~]$ firewall-cmd --get-active-zones
public
interfaces: em1
[jarmo at localhost ~]$ firewall-cmd --zone=public --list-ports
[jarmo at localhost ~]$ firewall-cmd --zone=public --list-all
public (default, active)
interfaces: em1
sources:
services: dhcpv6-client mdns
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[jarmo at localhost ~]$ firewall-cmd --zone=public --remove-port=631/tcp
Warning: NOT_ENABLED: '631:tcp' not in 'public'
[jarmo at localhost ~]$ nmap -sT 10.13.3.247
Nmap scan report for 10.13.3.247
Not shown: 999 closed ports
PORT STATE SERVICE
631/tcp open ipp
[jarmo at localhost ~]$ telnet 10.13.3.247 631
Trying 10.13.3.247...
Connected to 10.13.3.247.
Escape character is '^]'.
************************************************************************
So I must be doing something wrong. My questions are:
1. Have I diagnosed the situation correctly? Is port 631 really open to
the outside world?
2. If port 631 is open, why can I not close it using firewalld?
3. What is the best way to deny connections to the port from any
computer other than my own? Is it the approach I have taken now?
Thank you for all your help in advance.
Jarmo
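An added example, not part of Jarmo's post or of any reply to it: a small POSIX shell script with the two checks a practitioner would run on a host like this one. First, which listeners are bound to a wildcard address (those are the ports other hosts can reach). Second, whether /etc/cups/cupsd.conf makes cupsd listen on anything but loopback, together with the one-line change that confines it: in the cupsd.conf format, "Port 631" (or "Listen 631") binds all interfaces, "Listen localhost:631" binds only loopback, and "Listen /path" is a Unix socket. One caveat on the diagnosis in the post: the nmap and telnet runs were made from the host itself, so they reach 10.13.3.247 over the loopback interface, which firewalld accepts unconditionally; only a scan from another LAN host shows what the firewall does with port 631. The lsof lines and the cupsd.conf fragment below are constructed samples, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (editor's code, not from the original post).
#   wildcard_listeners       - listeners bound to *, 0.0.0.0 or [::]
#   cups_binds_nonlocal      - does this cupsd.conf expose cupsd beyond loopback?
#   confine_cups_to_localhost - rewrite "Port N" into "Listen localhost:N"

# Constructed sample of `lsof -i -P -n | grep LISTEN` output, modelled on
# the post; the sshd line is added so the filter has something to skip.
SAMPLE_LSOF='cupsd 2349 root 10u IPv4 37790 0t0 TCP *:631 (LISTEN)
cupsd 2349 root 11u IPv6 37791 0t0 TCP *:631 (LISTEN)
sshd 1001 root 3u IPv4 12345 0t0 TCP 127.0.0.1:22 (LISTEN)'

# Print "command port address" for each listener on a wildcard address.
# The NAME column is field 9; the port is the text after the last colon,
# so IPv6 literals such as [::1]:631 are split correctly.
wildcard_listeners() {
    printf '%s\n' "$1" | awk '
        $NF == "(LISTEN)" {
            name = $9
            n = split(name, p, ":")
            port = p[n]
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
                print $1, port, addr
        }'
}

# Exit 0 if the cupsd.conf text in $1 makes cupsd listen on a non-loopback
# address, 1 if every Listen directive is loopback or a Unix socket.
cups_binds_nonlocal() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "Port" { bad = 1 }
        $1 == "Listen" {
            v = $2
            if (v ~ /^\//) next                  # Unix domain socket: local only
            n = split(v, p, ":")
            if (n == 1) { bad = 1; next }        # bare port number: all interfaces
            host = substr(v, 1, length(v) - length(p[n]) - 1)
            if (host != "localhost" && host != "127.0.0.1" && host != "[::1]")
                bad = 1
        }
        END { if (bad) exit 0; exit 1 }'
}

# Replace a "Port N" directive with a loopback-only Listen; other lines pass through.
confine_cups_to_localhost() {
    printf '%s\n' "$1" | sed -E 's/^[[:space:]]*Port[[:space:]]+([0-9]+)[[:space:]]*$/Listen localhost:\1/'
}

# Constructed cupsd.conf fragment with the default that exposes port 631.
WEAK_CONF='# Default CUPS listener: all interfaces
Port 631
Listen /run/cups/cups.sock'

HARDENED_CONF=$(confine_cups_to_localhost "$WEAK_CONF")

echo "Listeners reachable from other hosts (constructed sample):"
wildcard_listeners "$SAMPLE_LSOF"
if cups_binds_nonlocal "$WEAK_CONF"; then
    echo "weak config: cupsd binds a non-loopback address"
fi
if cups_binds_nonlocal "$HARDENED_CONF"; then
    echo "hardened config: still exposed"
else
    echo "hardened config: cupsd is loopback-only"
fi
printf '%s\n' "$HARDENED_CONF"
```

To apply this on a real system, make the same Port-to-Listen change in /etc/cups/cupsd.conf, restart the daemon with `systemctl restart cups.service`, and confirm with `lsof -i -P -n | grep LISTEN` that cupsd now shows 127.0.0.1:631 (and [::1]:631) instead of *:631; that closes the port for other hosts regardless of the firewall state, and local printing through localhost keeps working.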