On 12 November 2013 12:24, Pablo Costa <[email protected]> wrote:

> In nixpkgs/nixos/modules/services/printing/cupsd.nix there is this line:
>
>     # Allow CUPS to receive IPP printer announcements via UDP.
>     networking.firewall.allowedUDPPorts = [ 631 ];
>
> which results in this rule in the nixos-fw chain:
>
> nixos-fw-accept udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
>
> I would expect a way to disable this default behaviour
> [...]
>

In fact this might be a bigger question to consider, as e.g.
services.bacula-fd does not take the firewall into consideration.

Do you consider that closing 631 would be "crippling" CUPS? Perhaps the
easiest approach would be to decouple firewall configuration from service
configuration. Although this would require changes on deployed systems that
rely on 631/UDP being open.

I would love it if you shared your thoughts on this.

Cheers,
pablo
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
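
An audit for the situation described in this message, as an added example that is not part of the original post or of nixpkgs: it parses an `iptables -L nixos-fw -n` listing and reports ports accepted from any source that the administrator did not list on purpose. The function names, the sample listing and the declared set are assumptions made for illustration.

```python
import re

# Constructed sample in the `iptables -L -n` layout of the rule quoted above.
SAMPLE = """\
Chain nixos-fw (1 references)
target     prot opt source               destination
nixos-fw-accept  all  --  0.0.0.0/0      0.0.0.0/0      ctstate RELATED,ESTABLISHED
nixos-fw-accept  tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:22
nixos-fw-accept  tcp  --  192.0.2.0/24   0.0.0.0/0      tcp dpt:9102
nixos-fw-accept  udp  --  0.0.0.0/0      0.0.0.0/0      udp dpt:631
nixos-fw-accept  tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpts:8000:8002
nixos-fw-log-refuse  all  --  0.0.0.0/0  0.0.0.0/0
"""

DPT = re.compile(r"\bdpts?:(\d+)(?::(\d+))?")


def opened_ports(listing, accept_target="nixos-fw-accept"):
    """Return {(proto, port)} accepted from any source address."""
    opened = set()
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != accept_target:
            continue
        proto, source = fields[1], fields[3]
        # Rules limited to a source network are not world-reachable; skip them.
        if proto not in ("tcp", "udp") or source != "0.0.0.0/0":
            continue
        match = DPT.search(" ".join(fields[5:]))
        if match:
            low = int(match.group(1))
            high = int(match.group(2) or low)
            opened.update((proto, port) for port in range(low, high + 1))
    return opened


def undeclared_ports(listing, declared):
    """Ports open in the chain that the administrator never listed."""
    return sorted(opened_ports(listing) - set(declared))


if __name__ == "__main__":
    # Hypothetical list of ports the administrator opened on purpose.
    declared = {("tcp", 22), ("tcp", 8000), ("tcp", 8001), ("tcp", 8002)}
    for proto, port in undeclared_ports(SAMPLE, declared):
        print(f"opened by a module, not declared: {port}/{proto}")
```

On a live host the listing would come from running `iptables -L nixos-fw -n` as root, and the declared set from the ports written explicitly in the system configuration.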
