cups question

Duane Attaway dattaway at dattaway.org
Sat Aug 23 04:14:04 CDT 2003


On Fri, 22 Aug 2003, Brian Densmore wrote:

> Yesterday, I opened up my cups server to allow local only browsing. So
> now my primary printer is shared across my LAN. I do have one concern. I
> don't necessarily want to deny access to my firewall pc, but is it
> possible for my LAN to be attacked from without if I don't deny the
> inside of the firewall access to the printer? This is of course assuming
> the firewall PC doesn't get compromised, because obviously the entire
> LAN is wide open if that happens.

If you have iptables on your cups server, you can allow tcp connections to
that port only from your local network and drop (or reject) all else.  
This will make it appear to outsiders that there is no such port.

If your local network is 192.168.1.x, then let's drop everyone else:

iptables -A INPUT -p tcp --dport 631 ! -s 192.168.1.0/24 -j DROP

I haven't tried that, but I think it should work.
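
An added example, not part of the original post: because -A appends to the end of the chain and iptables stops at the first matching rule, the DROP above only helps if no earlier rule already accepts the packet. The sketch below checks that against iptables-save style text. The sample rule sets and the `verdict` helper are constructed for illustration, and the model only understands `-s`, `-p`, `--dport`, `-j` and `!`.

```python
import ipaddress

# Constructed iptables-save samples (not taken from the original post).
RULES_OK = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT ! -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j DROP
COMMIT
"""
# Same DROP rule, but appended after a broad ACCEPT, so it is never reached.
RULES_SHADOWED = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -j ACCEPT
-A INPUT ! -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j DROP
COMMIT
"""

def verdict(ruleset, src_ip, dport=631):
    """First-match verdict for a new TCP packet from src_ip to dport on INPUT."""
    src = ipaddress.ip_address(src_ip)
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain default policy
        if not line.startswith("-A INPUT "):
            continue
        tok = line.split()[2:]
        match, target, negate, i = True, None, False, 0
        while i < len(tok):
            opt = tok[i]
            if opt == "!":                    # inverts the next test
                negate, i = True, i + 1
                continue
            val = tok[i + 1]
            if opt == "-s":
                hit = src in ipaddress.ip_network(val, strict=False)
            elif opt == "-p":
                hit = val == "tcp"
            elif opt == "--dport":
                hit = int(val) == dport
            elif opt == "-j":
                target, hit = val, True
            else:                             # e.g. "-m tcp": not modelled
                hit = True
            match = match and (hit != negate)
            negate, i = False, i + 2
        if match and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy
```

To check a live host, pass the output of `iptables-save` as `ruleset` along with an address from outside the LAN.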



