[cups-devel] [UNKN] STR #4618: Using host name in /etc/cups/cupsd.conf Listen directive could make cupsd listen on the wrong IP
noreply at cups.org
Tue Apr 14 18:02:36 PDT 2015
> OK, "Listen hostname" is entirely dependent on DNS to return the right
Yup—hence my suggestion to depend on “network”, which may not solve
all the problems but some—for sure. Can it cause any new problems?
> Since there are a lot of variables (besides the order which cupsd is
> for when network facilities are available, you really need to have the
> hostname and any addresses listed in /etc/hosts to make that work
Yes, but that's even more evil than just using an explicit IP address right
from the start…
> Moreover, if you have a dynamic address you should not be using "Listen
> hostname" at all. Instead, stick to "Listen *:631" or just "Port 631" -
> default ACL will limit access to the local subnet(s), and you can tweak
> to prevent access from outside addresses.
You're right, but in that case what is “Listen” good for, besides
specifying local sockets? I mean, since we have ACLs to rely on for
prescribing access rights, it should be perfectly enough to be able to
decide which port we'll be listening on. All the rest can be defined with
the said ACLs. Besides, we can always block some address class(es) on
the firewall (e.g. in case the CUPS server is connected to more than one LAN
and we want to “enable it” only for some selected network(s)).

I must admit, the man page for cups.conf, in the section about “Listen”,
doesn't present the form “Listen hostname:port”, but, clearly, it is
implemented. Maybe it should be dropped altogether, or at least described
clearly in just the way you did it for me?
Fix Version: None
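
Added example, not part of the original message or of CUPS itself: a small audit that reads cupsd.conf text and reports every Listen directive whose address is a host name, so the bound address depends on name resolution at startup. The sample configuration, the function names and the classification labels are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample
Listen localhost:631
Listen printhost.example.com:631
Listen 192.0.2.10:631
Listen [2001:db8::1]:631
Listen *:631
Listen /run/cups/cups.sock
Port 631
"""

def classify_listen(value):
    """Classify a Listen argument as 'socket', 'wildcard', 'ip' or 'hostname'."""
    if value.startswith("/"):
        return "socket"                      # local domain socket path
    if value.startswith("["):
        host = value[1:].split("]", 1)[0]    # bracketed IPv6 literal with port
    elif value.count(":") == 1:
        host = value.split(":", 1)[0]        # host:port
    else:
        host = value                         # no port, or a bare IPv6 literal
    if host == "*":
        return "wildcard"
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"                    # needs DNS or /etc/hosts to resolve

def audit(conf_text):
    """Return (line number, argument) for each Listen that uses a host name."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(parts) >= 2 and parts[0].lower() == "listen":
            if classify_listen(parts[1]) == "hostname":
                findings.append((lineno, parts[1]))
    return findings

if __name__ == "__main__":
    for lineno, arg in audit(SAMPLE_CONF):
        print(f"line {lineno}: Listen {arg} depends on name resolution")
```

"localhost" is reported as well, because it is resolved like any other name; whether that is acceptable depends on how /etc/hosts is maintained on the host.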