Bug 1105639
| Summary: | Remove ipp-client from various zones | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bastien Nocera <bnocera> | ||||
| Component: | firewalld | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | jpopelka, mkasik, twaugh, twoerner | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | firewalld-0.3.11-3.fc20 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-09-13 06:52:15 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Bastien Nocera
2014-06-06 15:33:56 UTC
Created attachment 902962 [details]
0001-Remove-ipp-client-from-various-zones.patch
Print clients never need to accept connections on TCP port 631: only print servers do. Some sites require print clients to receive packets on UDP port 631 for discovery. Those are: sites that have print servers unable to use mDNS for discovery (including e.g. Red Hat Enterprise Linux 6); and sites that do not allow mDNS on their network. Such sites use the cups-browsed service, to continue using either the UDP port 631 discovery protocol or the BrowsePoll functionality, in which specified servers are periodically queried over TCP port 631. Thanks, I was also thinking about it some time ago but then forgot about it :( removed upstream with: https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=43b23437329dcce92e6a9f518627925d348da538 It'd be nice to sanitize the update that people using cups-browsed won't hit a regression with update to next version of firewalld. I've been thinking about adding this scriptlet to %post - we can remove it later with some next release. %post # allow ipp-client service in active home/internal/work if cups-browsed is enabled if [ $1 -eq 2 && systemctl is-enabled cups-browsed ]; then ZONES=( 'home' 'internal' 'work' ) N_ZONES=${#ZONES[@]} for (( i=0;i<$N_ZONES;i++)); do zone=${ZONES[${i}]} [[ $(firewall-cmd --get-active-zones) = *${zone}* ]] && firewall-cmd --permanent --zone ${zone} --add-service "ipp-client" done fi firewalld-0.3.11-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firewalld-0.3.11-1.fc20 Package firewalld-0.3.11-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-1.fc20 then log in and leave karma (feedback). Package firewalld-0.3.11-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-2.fc20 then log in and leave karma (feedback). Package firewalld-0.3.11-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-3.fc20 then log in and leave karma (feedback). firewalld-0.3.11-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |