[cups-devel] [UNKN] STR #4618: Using host name in /etc/cups/cupsd.conf Listen directive could make cupsd listen on the wrong IP
Bogdan Szczurek
noreply at cups.org
Tue Apr 14 18:02:36 PDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR Unresolved]
> OK, "Listen hostname" is entirely dependent on DNS to return the right
values.
Yupâhence my suggestion to depend on ânetworkâ, which may not solve
all the problems but someâfor sure. Can it cause any new problems?
> Since there are a lot of variables (besides the order which cupsd is
started)
> for when network facilities are available, you really need to have the
> hostname and any addresses listed in /etc/hosts to make that work
reliably.
Yes, but that's even more evil than just using an explicit IP address right
from the startâ¦
> Moreover, if you have a dynamic address you should not be using "Listen
> hostname" at all. Instead, stick to "Listen *:631" or just "Port 631" -
the
> default ACL will limit access to the local subnet(s), and you can tweak
those
> to prevent access from outside addresses.
You're right, but in that case what good is âListenâ for, beside
specifying local sockets? I mean, since we have ACLs to rely on for
prescribing access rights, it should be perfectly enough to be able to
decide which port we'll be listening on. All the rest can be defined with
the said ACLs. Besides, we can always block some address class(es) on
firewall (e.g. in case when cups server is connected to more than one LAN
and we want to âenable itâ only for some selected network(s)).
I must admit, man page for cups.conf, in section about âListenâ,
doesn't present a form âListen hostname:portâ, but, clearly, it is
implemented. Maybe it should be dropped altogether, or at least described
clearly in just the way you did it for me?
Link: https://www.cups.org/str.php?L4618
Version: -feature
Fix Version: None
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVLbisAAoJENujp6sI12IjV0EP/24V8JAI2YmH1t5Wv8jnu/cN
D9Mczluf2dizr3Q8LSa7O9AjGqXRqaTDxJ/eqAQYy8YKHyuEm6usW+hQrbVge0oW
J/dQ27VM3WuBJx4cu9Zb1czbBNK12pOHg0wVljniF8ZpEktLuSPwAbBToSEn7K73
mLQLFk2mI+2nWA4OS0meImR22EJ/gloE3Q3Ca36heNYX0OypZCVvSWHf8DafvNK0
gWgthb1aEmX/wBFRsyBf3DDpA3WOSlhLKPhamwDHe8nNT9GH/HtBxgl2gPe7YktA
BSkbb+oAquzFM6hmNJJnul3JBEHy5IoGDOo10qPMl0s0O6yRE/SLz4mpEW/UQPiJ
V/Mexq7Cb4utA9KEr4nAdMlnkpOWgln8vCV4xT6ZnpnDrAtDgmRg9mBIpzMuv6AT
cb/GlWdFKRyIG4zmni7BL3NKC6rdp9KVMjUXP2J4JsEalqwzaFseTrP05isnzNng
iCF6lOitQqqwaVOHU+Z1mn4rhSNjcsIo5teksZima2Nu8Ij7hhKINCb2/JLzqCvJ
Uoyo7QlJ3d8LjkwCV8aOoTGBWcT9Uuakm0qH1/NiniCqC2iXdpS9yoQhcg6vhobJ
mRFwVzHbhvKKPddZsrw/XhKUC74CcZ8iA7rT33fm6AwABY42a8otDp/ih+//W3ia
NWaEQFFZVzlSzPlIr85l
=doRB
-----END PGP SIGNATURE-----
More information about the cups-devel
mailing list