* Geoff Thurman (geoffthur@ntlworld.com) [030915 11:45]: > I'm still using more or less what I installed from Knoppix 3.2, with > which I am happy enough. When I first did the installation I closed all > open ports apart from 631 - the one used by CUPS. The security howto > advises to close this one as well, but I couldn't work out how to do > this - and I still cannot. I am behind Shorewall, but on first > principles I want that port closed. > > The snag is, it appears to me to be impossible. Checking > /etc/cups/cupsd.conf, I found the place where port 631 is allocated, > but commenting this out prevents CUPS from working. Changing it to > 'Listen hostname' (as listed in cupsd.conf) is no better. In both > cases, trying to print produced the error message 'Connection to CUPS > server failed. Check that CUPS is correctly installed.' Use this in /etc/cups/cuspd.conf: Listen 127.0.0.1:631 Then cups will only listen on localhost. Remote connections to tcp/631 will be refused outright. good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/
Attachment:
pgp1EbEbYKuab.pgp
Description: PGP signature