The GNOME Printing utilities now auto-populate the print dialogs with
printers found through service discovery. For a Desktop install we
definitely need to have an option in the firewall tool for allowing
print service discovery. [x] CUPS (Printing)
This service also needs be checked off by default on desktop installs.
Perhaps restricted to the local subnet since I believe the service
discover cannot go beyond that anyway.
CC'ing Walters and Matthias on this one too.
Do we even want to offer the option of blocking it?
My major concern here is that the print detection system works.
Because of the interference from the firewall I assumed that this port
had been shutoff for security reasons. However if we feel that always
opening up the firewall for CUPS isn't a terrible security threat,
then I'm fine with that since my major concern is taken care of. It
will also give much less room for error in the firewall/printing setup.
I'm happy to do either - though have I missed the screen/string freeze
for FC3t2. In which case I can open by default and then when I
improve the add/remove trusted services ui for bug #124161 you'll get
This sound like a plan?
That sounds reasonable, but we definitely have to document that the
firewall allows this by default, since the current default is to deny
*everything* except a few ICMP packets, right?
Sounds reasonable to me too. Lets go with that.
this is a similar issue to bug 133478
paul, can we commit to opening this up and fix the UI issues later.
CUPS browsing should be enabled in latest s-c-securitylevel (you will
have to update s-c-securitylevel-tui). A rebuild for another issue
pulled it in so it just wasn't in the %changelog.
Can someone with a cups setup test with configuring firewall with
Works for me with 1.4.10-1.