Hi, I upgraded my desktop computer to OS13.1. I have a problem with SuSEfirewall2. My NIC is in the "External zone". To have available the printers of my CUPS-server I want to open the IPP-port of the firewall. This seems not to work. When I disable the firewall, I see the printers. When I enable the firewall, they disappear. For my that's a problem with the firewall. This is what I did : In /etc/sysconfig/SuSEfirewall2.d/services I added ipp: ## Name: IPP (cups) ## Description: Opens ports for Internet Prining Protocol (CUPS). # # For a more detailed description of the individual variables see # the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2 # # space separated list of allowed TCP ports TCP="ipp" # space separated list of allowed UDP ports UDP="ipp" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" Then in Yast/Firewall/Allowed Services I did add IPP(cups) to the allowed services for the external zone. I save that configuration. This is the result (/etc/sysconfig/SuSEfirewall2 : # grep -v \# SuSEfirewall2 FW_DEV_EXT="enp2s0" FW_DEV_INT="" FW_DEV_DMZ="" FW_ROUTE="no" FW_MASQUERADE="no" FW_MASQ_DEV="" FW_MASQ_NETS="" FW_NOMASQ_NETS="" FW_PROTECT_FROM_INT="no" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_EXT_RPC="" FW_CONFIGURATIONS_EXT="ipp sshd" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_DMZ_RPC="" FW_CONFIGURATIONS_DMZ="sshd" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_INT_RPC="" FW_CONFIGURATIONS_INT="sshd" FW_SERVICES_DROP_EXT="" FW_SERVICES_DROP_DMZ="" FW_SERVICES_DROP_INT="" FW_SERVICES_REJECT_EXT="" FW_SERVICES_REJECT_DMZ="" FW_SERVICES_REJECT_INT="" FW_SERVICES_ACCEPT_EXT="" FW_SERVICES_ACCEPT_DMZ="" FW_SERVICES_ACCEPT_INT="" FW_SERVICES_ACCEPT_RELATED_EXT="" FW_SERVICES_ACCEPT_RELATED_DMZ="" FW_SERVICES_ACCEPT_RELATED_INT="" FW_TRUSTED_NETS="" FW_FORWARD="" FW_FORWARD_REJECT="" FW_FORWARD_DROP="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG_LIMIT="" FW_LOG="" FW_KERNEL_SECURITY="" FW_STOP_KEEP_ROUTING_STATE="" FW_ALLOW_PING_FW="" FW_ALLOW_PING_DMZ="" FW_ALLOW_PING_EXT="" FW_ALLOW_FW_SOURCEQUENCH="" FW_ALLOW_FW_BROADCAST_EXT="no" FW_ALLOW_FW_BROADCAST_INT="no" FW_ALLOW_FW_BROADCAST_DMZ="no" FW_IGNORE_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_INT="no" FW_IGNORE_FW_BROADCAST_DMZ="no" FW_ALLOW_CLASS_ROUTING="" FW_CUSTOMRULES="" FW_REJECT="" FW_REJECT_INT="" FW_HTB_TUNE_DEV="" FW_IPv6="" FW_IPv6_REJECT_OUTGOING="" FW_IPSEC_TRUST="no" FW_ZONES="" FW_ZONE_DEFAULT='' FW_USE_IPTABLES_BATCH="" FW_LOAD_MODULES="nf_conntrack_netbios_ns" FW_FORWARD_ALWAYS_INOUT_DEV="" FW_FORWARD_ALLOW_BRIDGING="" FW_WRITE_STATUS="" FW_RUNTIME_OVERRIDE="" FW_LO_NOTRACK="" FW_BOOT_FULL_INIT="" # iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate ESTABLISHED ACCEPT icmp -- anywhere anywhere ctstate RELATED input_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET " DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING " Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain forward_ext (0 references) target prot opt source destination Chain input_ext (1 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp echo-request LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ipp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP " ACCEPT tcp -- anywhere anywhere tcp dpt:ipp LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP " ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:ipp LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT " DROP all -- anywhere anywhere PKTTYPE = multicast DROP all -- anywhere anywhere PKTTYPE = broadcast LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT " DROP all -- anywhere anywhere Chain reject_func (0 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable What is wrong ? A while ago I already asked this, but then it was on OS12.3. Thanks for any pointers. Koenraad -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org