The GNOME Printing utilities now auto-populate the print dialogs with printers found through service discovery. For a Desktop install we definitely need to have an option in the firewall tool for allowing print service discovery. [x] CUPS (Printing) This service also needs be checked off by default on desktop installs. Perhaps restricted to the local subnet since I believe the service discover cannot go beyond that anyway. CC'ing Walters and Matthias on this one too.
Do we even want to offer the option of blocking it?
My major concern here is that the print detection system works. Because of the interference from the firewall I assumed that this port had been shutoff for security reasons. However if we feel that always opening up the firewall for CUPS isn't a terrible security threat, then I'm fine with that since my major concern is taken care of. It will also give much less room for error in the firewall/printing setup.
I'm happy to do either - though have I missed the screen/string freeze for FC3t2. In which case I can open by default and then when I improve the add/remove trusted services ui for bug #124161 you'll get better configuration. This sound like a plan?
That sounds reasonable, but we definitely have to document that the firewall allows this by default, since the current default is to deny *everything* except a few ICMP packets, right?
Sounds reasonable to me too. Lets go with that.
this is a similar issue to bug 133478
paul, can we commit to opening this up and fix the UI issues later.
CUPS browsing should be enabled in latest s-c-securitylevel (you will have to update s-c-securitylevel-tui). A rebuild for another issue pulled it in so it just wasn't in the %changelog. Can someone with a cups setup test with configuring firewall with system-config-securitylevel-tui-1.4.9-1
Works for me with 1.4.10-1.