Thank you: Re: CUPS on a standalone: turn off port 631 how?
On Monday 15 September 2003 9:20 pm, Hubert Chan wrote:
> "Listen 127.0.0.1:631" will make it listen only on the loopback
> interface, so it won't be accessible from the outside. So a portscan
> From the outside (w/o Shorewall), will not detect the open port.
So I *was* missing something. How silly of me to even begin to think
otherwise. My thanks to you, and to Vineet Kumar who also put me right.
> Geoff> <Location/>
> Geoff> Order Deny, Allow
> Geoff> Deny from all
> Geoff> Allow from 127.0.0.1
> Geoff> </Location>
> Geoff> Now, this is what is already set up, but netstat still shows
> Geoff> cupsd as LISTENING.
> Yup. The "Allow from ..."/"Deny from ..." only limits accesses after
> they try to connect, and is just another layer of security.
> BTW, remember that a portscan from your own host is not very useful.
> Portscan yourself from another host.
All of which is very helful and informative. I now feel much more
secure. Thanks again.