Internet Printing Protocol port 631

Sandy Pond sandy_pond at myrealbox.com
Sat Mar 12 00:30:30 UTC 2005


Hi,

I noticed default firewall rules setup by system-config-securitylevel, a
port is opened to Internet Printing Protocol port 631 allowing UDP
connections.  Rule;

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

Points;

1.  You need to add a rule to accept 631 on TCP as well.  Otherwise, IPP
printing will not work.

2.  I think that system-config-printer should not default open port 631
at all, but instead, should have an IPP check box instead (like the
other check boxes for SSH, WWW, etc).

Anyone at Red Hat interested in a patch to system-config-securitylevel,
to add a IPP check box?  I'd also add a box for 224.0.0.251:5353
(Rendezvous) which is also default open.  The default for Rendezvous can
be open if you like, but the patch would allow you to close it, for
instance, on an external interface.

Regards :)




More information about the fedora-test-list mailing list