From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1

Description of problem:
I configured my printer with system-config-printer. It added the following lines to /etc/cups/cupsd.conf:

    <Location /printers/hp4plus>
    Order Deny,Allow
    Deny From All
    Allow From 127.0.0.1
    AuthType None
    </Location>
    <Location />
    Order Deny,Allow
    Deny From All
    Allow From 127.0.0.1
    </Location>
    Browsing On
    BrowseProtocols cups
    BrowseOrder Deny,Allow
    BrowseAllow from @LOCAL
    Listen 127.0.0.1:631

The configuration file contains no other Listen or Port directives. However, according to netstat:

    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
    udp 0 0 0.0.0.0:631 0.0.0.0:*

CUPS seems to be ignoring the Listen directive for its UDP port. I don't know if this is related to browsing, but specifying a BrowseAddress doesn't make a difference (CUPS still binds to all interfaces).

Version-Release number of selected component (if applicable):
cups-1.1.20-11.6

How reproducible:
Always

Steps to Reproduce:
1. Configure CUPS with system-config-printer.
2. netstat -na | grep 631

Actual Results:
CUPS TCP port listens to specified interface and port, but UDP port listens to all interfaces on the specified port.

Expected Results:
CUPS should only listen on the specified interface.

Additional info:
The Listen directive is for IPP connections (i.e. TCP). The BrowseAllow/BrowseDeny directives are what you want.
The CUPS UDP port listens on all interfaces regardless of the BrowseAllow and BrowseDeny directives. I don't think this is as secure as it can be. CUPS should either use the Listen directive and listen on those interfaces for both TCP and UDP or figure out which interfaces to listen on using the Browse directives (probably tricky).
Tracking this upstream: http://www.cups.org/str.php?L992
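
An added example, not part of the original report or of CUPS: a Python check that compares the Listen/Port directives in cupsd.conf with `netstat -na` output and reports sockets on port 631 bound more widely than configured, which is the mismatch discussed in this thread. The sample inputs are taken from the report above; the function names are hypothetical.

```python
import re

# Sample inputs: config excerpt and netstat lines as quoted in the report.
CUPSD_CONF = """\
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
BrowseAllow from @LOCAL
Listen 127.0.0.1:631
"""
NETSTAT = """\
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:631 0.0.0.0:*
"""
WILDCARDS = {"0.0.0.0", "::", "*"}

def listen_addresses(conf_text):
    """Return {(host, port)} from Listen/Port directives ('Port N' = all interfaces)."""
    addrs = set()
    for line in conf_text.splitlines():
        m = re.match(r"(?i)^(Listen|Port)\s+(\S+)$", line.split("#", 1)[0].strip())
        if not m:
            continue
        if m.group(1).lower() == "port":
            addrs.add(("*", int(m.group(2))))
            continue
        host, sep, port = m.group(2).rpartition(":")
        if not sep:                      # address only: assume the IPP port, 631
            host, port = port, "631"
        addrs.add((host, int(port)))
    return addrs

def bound_sockets(netstat_text, port):
    """Return [(proto, local_host)] for tcp/udp sockets whose local port is `port`."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].startswith(("tcp", "udp")):
            host, _, p = f[3].rpartition(":")
            if p == str(port):
                found.append((f[0], host))
    return found

def wider_than_configured(conf_text, netstat_text, port=631):
    """Sockets bound to a local address that no Listen/Port directive names."""
    allowed = {h for h, p in listen_addresses(conf_text) if p == port}
    if allowed & WILDCARDS:              # config already listens everywhere
        return []
    return [s for s in bound_sockets(netstat_text, port) if s[1] not in allowed]

if __name__ == "__main__":
    for proto, host in wider_than_configured(CUPSD_CONF, NETSTAT):
        print(f"{proto} socket on {host}:631 is not covered by a Listen directive")
```

On a live system, pass the contents of /etc/cups/cupsd.conf and the output of `netstat -na` in place of the sample strings.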