Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 131745 - firewall doesn't allow for printer service discovery
Summary: firewall doesn't allow for printer service discovery
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 131589
TreeView+ depends on / blocked
 
Reported: 2004-09-03 20:29 UTC by Bryan W Clark
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version: 1.4.10-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-13 19:42:21 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bryan W Clark 2004-09-03 20:29:39 UTC 
The GNOME Printing utilities now auto-populate the print dialogs with
printers found through service discovery.  For a Desktop install we
definitely need to have an option in the firewall tool for allowing
print service discovery. [x] CUPS (Printing)

This service also needs be checked off by default on desktop installs.
 Perhaps restricted to the local subnet since I believe the service
discover cannot go beyond that anyway.

CC'ing Walters and Matthias on this one too.
Comment 1 Bill Nottingham 2004-09-03 22:43:31 UTC 
Do we even want to offer the option of blocking it?
Comment 2 Bryan W Clark 2004-09-07 15:24:39 UTC 
My major concern here is that the print detection system works.

Because of the interference from the firewall I assumed that this port
had been shutoff for security reasons.  However if we feel that always
opening up the firewall for CUPS isn't a terrible security threat,
then I'm fine with that since my major concern is taken care of.  It
will also give much less room for error in the firewall/printing setup.
Comment 3 Paul Nasrat 2004-09-14 09:55:28 UTC 
I'm happy to do either - though have I missed the screen/string freeze
for FC3t2.  In which case I can open by default and then when I
improve the add/remove trusted services ui for bug #124161 you'll get
better configuration.

This sound like a plan?
Comment 4 Colin Walters 2004-09-14 13:07:09 UTC 
That sounds reasonable, but we definitely have to document that the
firewall allows this by default, since the current default is to deny
*everything* except a few ICMP packets, right?
Comment 5 Bryan W Clark 2004-09-14 17:39:58 UTC 
Sounds reasonable to me too.  Lets go with that.
Comment 6 Bryan W Clark 2004-09-24 20:24:12 UTC 
this is a similar issue to bug 133478
Comment 7 Bryan W Clark 2004-10-13 15:39:24 UTC 
paul, can we commit to opening this up and fix the UI issues later.
Comment 8 Paul Nasrat 2004-10-13 16:47:39 UTC 
CUPS browsing should be enabled in latest s-c-securitylevel (you will
have to update s-c-securitylevel-tui).  A rebuild for another issue
pulled it in so it just wasn't in the %changelog.

Can someone with a cups setup test with configuring firewall with 
system-config-securitylevel-tui-1.4.9-1
Comment 9 Bill Nottingham 2004-10-13 19:42:21 UTC 
Works for me with 1.4.10-1.
Note You need to log in before you can comment on or make changes to this bug.