On 2017-10-09 18:35, Anton Aylward wrote:
On 09/10/17 11:48 AM, Carlos E. R. wrote:
On 2017-10-09 17:45, Anton Aylward wrote:
It can also simplify ACLs. Personally I hate the idea of early binding ACLs but sometimes it is very useful.
I can tell my printer to refuse any device on the network that isn't my PC, my phone or my laptop or my tablet. It is a simple security hack.
This could be interesting to force anybody in a network going to print to do it via the cups server instead of directly to the printer.
How do you do that?
Maybe on a different thread.
Well, CUPS has its own ACL.
I did try installing CUPS for Android on my devices but either I couldn't get it configured or it was broken, so tablet -> cups server -> printer is a No-Go.
However the tablet and the phone, when on the same network (as opposed to off on yet another NAT) can print to an IP address. For some reason a return address that being behind another NAT won't permit kills that. I have a vague idea why, perhaps James can say it more definitively.
But I don't want outsiders, even if they somehow get past the firewall or penetrate my wifi password, from accessing devices like the router or the printer. So they have IP based ACL. So 'known' devices have static IPs to make life more manageable.
OK, so it's not earth-moving insurmountable security, but it is enough to discourage a lot of the 'casual' and 'drive-past'.
I must say I'm baffled, I don't understand it. Do you have a link to a quick read on this? ACLs on a network?

--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
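As an added illustration that is not part of the thread: the IP-based allow-list discussed above, written as a cupsd.conf `<Location>` block and evaluated in Python according to the `Order` semantics documented for cupsd.conf. The addresses are constructed, the function names are hypothetical, and only the `all`, `none`, single-address and CIDR forms of `Allow from` / `Deny from` are handled.

```python
import ipaddress

# Constructed sample: a cupsd.conf <Location> block admitting four
# statically addressed devices (addresses are made up for this example).
SAMPLE_CONF = """
<Location /printers>
  Order allow,deny
  Allow from 192.168.1.10
  Allow from 192.168.1.11
  Allow from 192.168.1.12
  Allow from 192.168.1.13
</Location>
"""

def _nets(spec):
    """Turn one Allow/Deny target into a list of networks."""
    if spec.lower() == "all":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if spec.lower() == "none":
        return []
    return [ipaddress.ip_network(spec, strict=False)]

def parse_location(conf_text):
    """Return (order, allow_nets, deny_nets) for one Location block."""
    order, rules = None, {"allow": [], "deny": []}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments
        if len(words) == 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif (len(words) == 3 and words[0].lower() in rules
              and words[1].lower() == "from"):
            rules[words[0].lower()] += _nets(words[2])
    if order not in ("allow,deny", "deny,allow"):
        raise ValueError("Location block needs an explicit Order line")
    return order, rules["allow"], rules["deny"]

def permitted(client, policy):
    """Decide whether a client source address passes the policy."""
    order, allow, deny = policy
    addr = ipaddress.ip_address(client)
    hit_allow = any(addr in n for n in allow)
    hit_deny = any(addr in n for n in deny)
    if order == "allow,deny":   # denied by default: Allow lines, then Deny lines
        return hit_allow and not hit_deny
    return hit_allow or not hit_deny  # allowed by default: Deny, then Allow
```

The check sees only the source address a client presents, which is why the known devices in the thread are given static IPs.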