[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Thank you: Re: CUPS on a standalone: turn off port 631 how?



On Monday 15 September 2003 9:20 pm, Hubert Chan wrote:
>
> "Listen 127.0.0.1:631" will make it listen only on the loopback
> interface, so it won't be accessible from the outside.  So a portscan
> From the outside (w/o Shorewall), will not detect the open port.
>


So I *was* missing something. How silly of me to even begin to think 
otherwise. My thanks to you, and to Vineet Kumar who also put me right.


> [...]
>
> Geoff> <Location/>
> Geoff> Order Deny, Allow
> Geoff> Deny from all
> Geoff> Allow from 127.0.0.1
> Geoff> </Location>
>
> Geoff> Now, this is what is already set up, but netstat still shows
> Geoff> cupsd as LISTENING.
>
> Yup.  The "Allow from ..."/"Deny from ..." only limits accesses after
> they try to connect, and is just another layer of security.
>
> BTW, remember that a portscan from your own host is not very useful.
> Portscan yourself from another host.

All of which is very helful and informative. I now feel much more 
secure. Thanks again.

Geoff



Reply to: