[Nix-dev] Enabling CUPS unconditionally allows UDP/631 on the firewall
Domen Kožar
domen at dev.si
Tue Nov 12 12:36:59 CET 2013
To make the question more general: should services by default open needed
firewall ports and should there be a global setting to turn that behaviour
off?
On Tue, Nov 12, 2013 at 12:24 PM, Pablo Costa <modulistic at gmail.com> wrote:
> Hello,
>
> on nixpkgs/nixos/modules/services/printing/cupsd.nix there is this line:
>
> 226 # Allow CUPS to receive IPP printer announcements via UDP.
> 227 networking.firewall.allowedUDPPorts = [ 631 ];
>
> which results on this rule in the nixos-fw chain:
>
> nixos-fw-accept udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
>
> I would expect a way to disable this default behaviour, e.g. a boolean
> value such as:
> services.printing.{listen|accept}NetworkAnnouncements
> or
> services.printing.openFirewall
>
> How do you feel about this?
>
> Thanks!
> pablo
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20131112/2fb9184b/attachment.html
More information about the nix-dev
mailing list