openSUSE 11.4, CUPS, and the firewall

Two topics:

1. Under openSUSE 11.2, I allowed printer sharing through CUPS by setting the Firewall to Allow Services of CUPS in the External Zone section. I don’t see the CUPS option in the Allow Services of the Firewall under 11.4, any zone. Is my system missing something?

2. If I turn off the Firewall, the client computer can see the printers, even get the broadcasted names. If I put port 631 in TCP of the Advanced setting of the External Zone, the client computer can see the printer too, but I know I read somewhere that putting 631 in the External Zone is basically allowing printer requests from the entire internet. Is that true? Or does the settings in Printers to only allow local network computers access stop that from happening?

I’d like to share the printer on my local network only.

Thanks!

The firewall services are configured as per external zone. More on that here:

SuSEfirewall2: HowTo Firewall a Suse / openSUSE Workstation for LAN Network Traffic

Printer sharing via Linux tutorial:

Printer Sharing: Samba Print Server for Suse/openSUSE Linux & Windows Clients

I think CUPS is locked down fairly well via settings in /etc/cups/cupsd.conf

man cupsd.conf

cupsd.conf Documentation
for more info.

1. CUPS isn’t listed under Allowed Services in 11.4, as least in my install, and I added port 631 to TCP under the Advanced tab for External Zone.

2. According to the reference docs, I shouldn’t fear opening port 631 for External Zone network interfaces.

Thanks Deano!