Mailinglist Archive: opensuse (783 mails)

< Previous Next >
[opensuse] Why I'm not absolutely using CUPS
On 09/10/17 11:48 AM, Carlos E. R. wrote:
On 2017-10-09 17:45, Anton Aylward wrote:
It can also simplify ACLs.
Personally I hate the idea of early binding ACLs but sometimes it is very
useful.

I can tell my printer to refuse any device on the network that isn't my PC,
my
phone or or my laptop or my tablet. It is a simple security hack.

This could be interesting to force anybody in a network going to print
to do it via the cups server instead of directly to the printer.

How do you do that?

Maybe on a different thread.

Well CUPS has its own ACL

I did try installing CUPS for Android on my devices but either I couldn't get it
configured or it was broken, so tablet -> cups server -> printer is a a No-Go.

However the tablet and the phone, when on the same network (as opposed off on
yet another NAT) can print to an IP address. For some reason a return address
that being behind a another NAT won't permit kills that. I have a vague idea
why, perhaps James can say it more definitively.

But I don't want outsiders, even if they somehow get past the firewall or
penetrate my wifi password, from accessing devices like the router or the
printer. So they have IP based ACL. So 'known' devices have static IPs to make
like more manageable.

OK, so its not earth-moving insurmountable security, but it is enough to
discourage a lot of the 'casual' and 'drive-past'.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >