[opensuse] cups and init open port 631
Hi all, I have checked the open ports in my system and I have noted the following strange thing about port 631: orodruin:~ # netstat -npa|grep 631 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1159/cupsd tcp 0 0 :::631 :::* LISTEN 1/init udp 0 0 0.0.0.0:631 0.0.0.0:* 1/init so it seems that for IPv4 TCP cups is listening on localhost but what about IPv6 or TCP? Why does port 631 belong to init? and how can I restrict it to listen only on localhost? Best, Andrea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/13/2013 03:52 PM, Andrea Turrini pecked at the keyboard and wrote:
Hi all,
I have checked the open ports in my system and I have noted the following strange thing about port 631:
orodruin:~ # netstat -npa|grep 631 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1159/cupsd tcp 0 0 :::631 :::* LISTEN 1/init udp 0 0 0.0.0.0:631 0.0.0.0:* 1/init
so it seems that for IPv4 TCP cups is listening on localhost but what about IPv6 or TCP? Why does port 631 belong to init? and how can I restrict it to listen only on localhost?
Best, Andrea
"it" (whatever that is) is already restricted to localhost, what else do you think it is connected to? -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/13/2013 10:28 PM, Ken Schneider - openSUSE wrote:
On 08/13/2013 03:52 PM, Andrea Turrini pecked at the keyboard and wrote:
Hi all,
I have checked the open ports in my system and I have noted the following strange thing about port 631:
orodruin:~ # netstat -npa|grep 631 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1159/cupsd tcp 0 0 :::631 :::* LISTEN 1/init udp 0 0 0.0.0.0:631 0.0.0.0:* 1/init
so it seems that for IPv4 TCP cups is listening on localhost but what about IPv6 or TCP? Why does port 631 belong to init? and how can I restrict it to listen only on localhost?
Best, Andrea
"it" (whatever that is) is already restricted to localhost, what else do you think it is connected to?
0.0.0.0 (and :: for IPv6) stands for all addresses, so why should "it" be restricted to localhost? Netstat says it is listening on all available interfaces, not only localhost (as happens for 127.0.0.1). Moreover, why does init is opening the IPP port for UDP and IPv6? I forgot to mention that this is openSUSE 12.3 with systemd. Best, Andrea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Tue, 13 Aug 2013 23:29:12 +0200 Andrea Turrini <andrea.turrini@gmail.com> пишет:
On 08/13/2013 10:28 PM, Ken Schneider - openSUSE wrote:
On 08/13/2013 03:52 PM, Andrea Turrini pecked at the keyboard and wrote:
Hi all,
I have checked the open ports in my system and I have noted the following strange thing about port 631:
orodruin:~ # netstat -npa|grep 631 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1159/cupsd tcp 0 0 :::631 :::* LISTEN 1/init udp 0 0 0.0.0.0:631 0.0.0.0:* 1/init
so it seems that for IPv4 TCP cups is listening on localhost but what about IPv6 or TCP? Why does port 631 belong to init? and how can I restrict it to listen only on localhost?
Best, Andrea
"it" (whatever that is) is already restricted to localhost, what else do you think it is connected to?
0.0.0.0 (and :: for IPv6) stands for all addresses, so why should "it" be restricted to localhost? Netstat says it is listening on all available interfaces, not only localhost (as happens for 127.0.0.1).
Moreover, why does init is opening the IPP port for UDP and IPv6?
I forgot to mention that this is openSUSE 12.3 with systemd.
CUPS is using socket activation under systemd, where systemd opens socket and starts service on demand when someone connects to it. If you do not use cups, just disable it: systemctl disable cups.socket systemctl stop cups.socket Check with systemctl status cups.socket -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
2013/8/14 Andrey Borzenkov <arvidjaar@gmail.com>:
CUPS is using socket activation under systemd, where systemd opens socket and starts service on demand when someone connects to it. If you do not use cups, just disable it:
systemctl disable cups.socket systemctl stop cups.socket
Check with
systemctl status cups.socket
I use cups as local only server to print on usb and network printers. If I disable cups.socket, then cups is no more started at boot even if cups.service is enabled. If I do a "systemctl start cups.service", then cups is started and it listens only on 127.0.0.1:631 and ::1:631. So, now the question is: how can I have cups started at boot without activating again the socket part? Or to restrict the sockets to accept connections from localhost only? Best, Andrea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Wed, 21 Aug 2013 10:09:04 +0200 Andrea Turrini <andrea.turrini@gmail.com> пишет:
2013/8/14 Andrey Borzenkov <arvidjaar@gmail.com>:
CUPS is using socket activation under systemd, where systemd opens socket and starts service on demand when someone connects to it. If you do not use cups, just disable it:
systemctl disable cups.socket systemctl stop cups.socket
Check with
systemctl status cups.socket
I use cups as local only server to print on usb and network printers. If I disable cups.socket, then cups is no more started at boot even if cups.service is enabled. If I do a "systemctl start cups.service", then cups is started and it listens only on 127.0.0.1:631 and ::1:631.
So, now the question is: how can I have cups started at boot without activating again the socket part?
ln -s /usr/lib/systemd/system/cups.service /etc/systemd/system/default.target.wants/
Or to restrict the sockets to accept connections from localhost only?
cp /usr/lib/systemd/system/cups.socket /etc/systemd/system vi /etc/systemd/system/cups.socket to your hearts' content. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
2013/8/21 Andrey Borzenkov <arvidjaar@gmail.com>:
cp /usr/lib/systemd/system/cups.socket /etc/systemd/system vi /etc/systemd/system/cups.socket to your hearts' content.
Thanks. I used this and it works. Best, Andrea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Andrea Turrini -
Andrey Borzenkov -
Ken Schneider - openSUSE