Having port 631 opened is not necessary for printing, as a client. Remote device enumeration is done using mDNS, not using the old CUPS protocol.
Created attachment 902962 [details] 0001-Remove-ipp-client-from-various-zones.patch
Print clients never need to accept connections on TCP port 631: only print servers do. Some sites require print clients to receive packets on UDP port 631 for discovery. Those are: sites that have print servers unable to use mDNS for discovery (including e.g. Red Hat Enterprise Linux 6); and sites that do not allow mDNS on their network. Such sites use the cups-browsed service, to continue using either the UDP port 631 discovery protocol or the BrowsePoll functionality, in which specified servers are periodically queried over TCP port 631.
Thanks, I was also thinking about it some time ago but then forgot about it :( removed upstream with: https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=43b23437329dcce92e6a9f518627925d348da538 It'd be nice to sanitize the update that people using cups-browsed won't hit a regression with update to next version of firewalld. I've been thinking about adding this scriptlet to %post - we can remove it later with some next release. %post # allow ipp-client service in active home/internal/work if cups-browsed is enabled if [ $1 -eq 2 && systemctl is-enabled cups-browsed ]; then ZONES=( 'home' 'internal' 'work' ) N_ZONES=${#ZONES[@]} for (( i=0;i<$N_ZONES;i++)); do zone=${ZONES[${i}]} [[ $(firewall-cmd --get-active-zones) = *${zone}* ]] && firewall-cmd --permanent --zone ${zone} --add-service "ipp-client" done fi
firewalld-0.3.11-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firewalld-0.3.11-1.fc20
Package firewalld-0.3.11-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-1.fc20 then log in and leave karma (feedback).
Package firewalld-0.3.11-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-2.fc20 then log in and leave karma (feedback).
Package firewalld-0.3.11-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-3.fc20 then log in and leave karma (feedback).
firewalld-0.3.11-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.