Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] Why I'm not absolutely using CUPS
On 2017-10-09 18:35, Anton Aylward wrote:
On 09/10/17 11:48 AM, Carlos E. R. wrote:
On 2017-10-09 17:45, Anton Aylward wrote:
It can also simplify ACLs.
Personally I hate the idea of early binding ACLs but sometimes it is very
useful.

I can tell my printer to refuse any device on the network that isn't my PC,
my
phone or or my laptop or my tablet. It is a simple security hack.

This could be interesting to force anybody in a network going to print
to do it via the cups server instead of directly to the printer.

How do you do that?

Maybe on a different thread.

Well CUPS has its own ACL

I did try installing CUPS for Android on my devices but either I couldn't get
it
configured or it was broken, so tablet -> cups server -> printer is a a No-Go.

However the tablet and the phone, when on the same network (as opposed off on
yet another NAT) can print to an IP address. For some reason a return address
that being behind a another NAT won't permit kills that. I have a vague idea
why, perhaps James can say it more definitively.

But I don't want outsiders, even if they somehow get past the firewall or
penetrate my wifi password, from accessing devices like the router or the
printer. So they have IP based ACL. So 'known' devices have static IPs to
make
like more manageable.

OK, so its not earth-moving insurmountable security, but it is enough to
discourage a lot of the 'casual' and 'drive-past'.

I must say I'm baffled, I don't understand it.
Do you have a link to a quick read on this? ACLs on a network?

--
Cheers / Saludos,

Carlos E. R.

(from 42.2 x86_64 "Malachite" (Minas Tirith))

< Previous Next >
Follow Ups
References