Author: jsmeix Date: Thu Jan 21 11:02:03 2010 New Revision: 60466 URL: http://svn.opensuse.org/viewcvs/yast?rev=60466&view=rev Log: Improved help text 'regarding firewall'. Modified: trunk/printer/src/helps.ycp Modified: trunk/printer/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/printer/src/helps.ycp?rev=60466&r1=60465&r2=60466&view=diff ============================================================================== --- trunk/printer/src/helps.ycp (original) +++ trunk/printer/src/helps.ycp Thu Jan 21 11:02:03 2010 @@ -649,15 +649,22 @@ in which printers are published via network. By default the SuSEfirewall allows any incomming information via a network interface which belongs to the 'internal zone' -because this zone is trusted by default. -If the CUPS servers and your system are in a trusted internal network, -your network interface must be set to be in the 'internal zone'. -It does not make sense to have a network setup in a trusted internal network +because this zone is trusted by default.<br> +It does not make sense to do printing in a trusted internal network with a network interface which belongs to the untrusted 'external zone' (the latter is the default setting for network interfaces to be safe). -Do not disable firewall protection for CUPS +In particular do not disable firewall protection for CUPS (i.e. for IPP which uses TCP port 631 and UDP port 631) for the untrusted 'external zone'.<br> +To use remote printers in a trusted internal network +and be protected by the firewall against unwanted access +from any external network (in particular from the Internet), +assign the network interface which belongs to the internal network +to the internal zone of the firewall. +Use the YaST Firewall setup module to do this fundamental setup +to gain security plus usefulness in your network +and using remote printers in a trusted internal network +will work without any further firewall setup.<br> For details see the openSUSE support database article 'CUPS and SANE Firewall settings' at<br> http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings @@ -713,20 +720,34 @@ // SharingDialog help 3/3: _("<p> Regarding firewall:<br> -Check if a firewall is active for a network zone in which printers -are made available via network to be used by trusted users -(nobody lets arbitrary users print on his printer). -By default the SuSEfirewall allows any access via a network interface -which belongs to the 'internal zone' because this zone is trusted by default. -If the CUPS server and the client systems are in an internal network -and when you trust all what there is in your internal network, -your network interface must be set to be in the 'internal zone'. -It does not make sense to have a network setup in a trusted internal network +A firewall is used to protect running server processes +(in this case the CUPS server process 'cupsd') +on your host against unwanted access via network.<br> +Printing via network happens in a trusted internal network +(nobody lets arbitrary users from whatever external network +print on his printer) and usually the users need +physical printer access to get their paper output.<br> +By default the SuSEfirewall lets any network traffic pass +via a network interface which belongs to the 'internal zone' +because this zone is trusted by default.<br> +It does not make sense to do printing in a trusted internal network with a network interface which belongs to the untrusted 'external zone' -which is the default setting for network interfaces to be safe. +(the latter is the default setting for network interfaces to be safe). Do not disable firewall protection for CUPS (i.e. for IPP which uses TCP port 631 and UDP port 631) -for the untrusted 'external zone'. +for the untrusted 'external zone'.<br> +To make printers accessible in a trusted internal network +and be protected by the firewall against unwanted access +from any external network (in particular from the Internet), +assign the network interface which belongs to the internal network +to the internal zone of the firewall. +Use the YaST Firewall setup module to do this fundamental setup +to gain security plus usefulness in your network and +sharing printers in a trusted internal network +will work without any further firewall setup.<br> +For details see the openSUSE support database +article 'CUPS and SANE Firewall settings' at<br> +http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings </p>"), "policies" : -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org