On Sun, 2007-04-15 at 14:17 -0700, Tom Eastep wrote:
> Karsten Bräckelmann wrote:
>
> > ===================================================================
> > --- Shorewall-common/macro.IPP (revision 5936)
> > +++ Shorewall-common/macro.IPP (working copy)
> > @@ -9,4 +9,5 @@
> > #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
> > USER/
> > # PORT PORT(S) DEST LIMIT GROUP
> > PARAM - - tcp 631
> > +PARAM - - udp 631
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> Karsten,
>
> Have you tested this? I though that IPP used UDP 631 broadcasts; if so,
> you need to also include the (very insecure) rule:
>
> PARAM DEST SOURCE udp - 631
>
> That allows any UDP traffic with source port 631 in the reverse direction.
That would be the "note" in my previous post, no? Anyway, why should
one accept traffic from port 631 to a random destination port, if the
CUPS server is listening on dest port 631 only?
Unfortunately I don't have the time to test this right now, but
hopefully I'll get around to it soon.
karsten
--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
