-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2009-12-22 at 14:56 +0100, Johannes Meixner wrote:
... open the firewall, which, if I recall correctly, YaST does.
The YaST printer module does not open ports in the firewall because whenever you need it for printing in the network, you are in a problematic network environment (nobody lets arbitraty users print on his printer).
Trusted networks should have well separated network interfaces so that those network interfaces can be assigned to the INT zone to have the trusted network well separated from the rest, see "Regarding firewall" at http://en.opensuse.org/SDB:CUPS_in_a_Nutshell
Mmmm. However, I always set up the firewall for the internal network, too. Or, when the internal network is connected to internet via a not very good router (like those given by the ISP) I consider the internal network to be external, to be a bit on the paranoid side. Thus, if I need to share a printer, I have to open the firewall, at least, for a range of IPs. Otherwise, I would need two eths on each computer, or set up a good firewall to internet. All those solutions cost money.
Anything else is a problematic mix-up of trusted and non-trusted stuff in one same network environment. E.g. when both the internal network and the connection to the Internet happens via one same "router-box" device. In such a case this device is the crucial point (in particular the point of possible failure) regarding network security.
Such kind of firewall setup to deal with such cases must be done via yast2-firewall which is THE tool for any more sophisticated firewall setup.
At least, YaST cups setup tool can remind the user that perhaps the firewall needs to be opened at such port. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAksw/3wACgkQtTMYHG2NR9XE+QCgjShfvWGUv5+R+ckYdprGnBs/ OhMAniV9ySguKkwMSr7E05NCkVw+RDlg =vS1e -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org