cups question
Brian D
quiet_celt at yahoo.com
Sun Aug 24 03:11:12 CDT 2003
--- Duane Attaway wrote:
> On Fri, 22 Aug 2003, Brian Densmore wrote:
>
> > Yesterday, I opened up my cups server to allow
> local only browsing. So
> > now my primary printer is shared across my LAN. I
> do have one concern. I
> > don't necessarily want to deny access to my
> firewall pc, but is it
> > possible for my LAN to be attacked from without if
> I don't deny the
> > inside of the firewall access to the printer? This
> is of course assuming
> > the firewall PC doesn't get compromised, because
> obviously the entire
> > LAN is wide open if that happens.
>
> If you have iptables on your cups server, you can
> allow tcp connections to
> that port only from your local network and drop (or
> reject) all else.
> This will make it appear to outsiders that there is
> no such port.
>
> If you local network is 192.168.1.x, then let's drop
> everyone else:
>
> iptables -A INPUT -p tcp --dport 631 -j DROP -s
> !192.168.1.0/24
>
My firewall should already block traffic into the
local LAN. I'll check my rules and make sure that
those ports are'nt visible from the outside.
Thanks,
Brian
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
More information about the Kclug
mailing list