lpd
Edward Glowacki
glowack2@msu.edu
Fri, 24 Aug 2001 10:01:00 -0400
Quoted from Paul_Melson@keykertusa.com on Fri, Aug 24, 2001 at 09:18:44AM -0400:
> >the answer is:
> >
> >add the following line to /etc/lpd.conf:
> >forcelocalhost@
>
> I think that this still leaves the socket open, it just denies the
> queueing of any jobs. If security is the main concern (e.g. buffer
> overflows, DoS attacks), it's probably best to just use something like
> `ipchains -A input -p tcp -s 0.0.0.0/0 -d [external ip]/32 515 -j REJECT
> -l` in combination with 'forcelocalhost@' to prevent abuse.

When you run it like this, there's no need to even start LPD.

Here's how things look on my FreeBSD box right now (with some
irrelevant stuff from sockstat removed):

# sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd     38201    3 tcp4   *:22                  *:*
root     XFree86  68908    1 tcp4   *:6000                *:*
root     arlad    59241    4 udp4   *:4711                *:*
# ps ax |grep lpd
39750  pg  S+     0:00.00 grep lpd
# lpr /etc/rc.conf
# (a piece of paper came out of the printer with /etc/rc.conf on it...)

This is for a networked printer that has a printserver, so my
/etc/printcap has a host to connect to:

# more /etc/printcap
lp|printerX:\
        :lp=:rp=printerX:rm=printerX.foo.bar.com:\
        :sh:mx#0:\
        :sd=/var/spool/printerX:

(rp= is the printer name, rm= is the remote machine, in this case
the printer itself)

So you don't have to worry about sockets at all... =)

--
Edward Glowacki glowack2@msu.edu
Michigan State University
"...a partial solution to the right problem is better than a complete
solution to the wrong one." (http://uiweb.com/issues/issue14.htm)
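
A way to audit the setup described in this message, as an added example that is not part of the original post: it parses printcap text, lists queues that are not purely remote (no rm= host, or a non-empty lp= device), and checks sockstat output for a listener on port 515. The function names, the local0 entry and the sample text are constructed for illustration; the parser assumes one entry per continued line group and no escaped colons in values.

```python
import re

# Constructed sample inputs modelled on the message; local0 is hypothetical.
PRINTCAP = r"""
lp|printerX:\
        :lp=:rp=printerX:rm=printerX.foo.bar.com:\
        :sh:mx#0:\
        :sd=/var/spool/printerX:
local0:\
        :lp=/dev/lpt0:sd=/var/spool/local0:
"""
SOCKSTAT = """\
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sshd 38201 3 tcp4 *:22 *:*
root XFree86 68908 1 tcp4 *:6000 *:*
"""

def parse_printcap(text):
    """Return {queue_name: {capability: value}} from printcap text."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)  # join continuation lines
    entries = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *caps = line.split(":")
        fields = {}
        for cap in (c.strip() for c in caps):
            # Forms: key=value (string), key#n (number), key (flag on), key@ (off)
            m = re.match(r"([A-Za-z_]+)(?:([=#])(.*)|(@))?$", cap)
            if not m:
                continue  # empty field between "::" or unparsable text
            key, sep, value, off = m.groups()
            fields[key] = False if off else (value if sep else True)
        entries[names.split("|")[0]] = fields
    return entries

def non_remote_queues(entries):
    """Queues with no rm= host or with a non-empty lp= device."""
    return sorted(q for q, f in entries.items() if not f.get("rm") or f.get("lp"))

def listeners_on_port(sockstat_text, port=515):
    """Return sockstat rows whose LOCAL ADDRESS column ends in :port."""
    rows = [r.split() for r in sockstat_text.splitlines()[1:] if r.strip()]
    return [r for r in rows if len(r) >= 6 and r[5].rsplit(":", 1)[-1] == str(port)]

if __name__ == "__main__":
    print("not purely remote:", non_remote_queues(parse_printcap(PRINTCAP)))
    print("listening on 515:", listeners_on_port(SOCKSTAT))
```

Feed it the real /etc/printcap contents and the output of `sockstat -4` to run the same check on a live host.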