firewalls

[Barry]

On 7/20/06, Terence J. Golightly <vze27hs6 at verizon.net> wrote:
> Greetings Barry,
>
> I'm familiar with your problem.  Did you resolve it?  If not, see below
> vvvv
>
> On Tue, 2006-07-18 at 18:54 -0400, Barry wrote:
> > On 7/18/06, Scott Kitterman <ubuntu at kitterman.com> wrote:
> > > On Tuesday 18 July 2006 15:39, Jeremy J. Swarm wrote:
> > >
> > > > Mark Shuttleworth uses HTML. it's ok, it's just annoying.
> > >
> > > That doesn't make it good netiquette on a mailing list.
> > >
> > > Scott K
> > >
> >
> > Mea culpa, mea culpa. I'm sorry. I didn't mean it. I rarely write
> > mails on gmail. I didn't notice the setting. I
> >
> > That said, I started this by asking for firewall suggestions; I chose
> > firehol and it's fine, except for one thing: it's logging every thing!
> > There's a Mac OS machine that broadcasts every few seconds  on 631 and
> > my log's filling up with it.
>
>
> That port is for cups.  I my experience there should be a config file
> that you can modify to tell cups not to broadcast.  I don't know how
> cups works on a Mac, but in Linux you can modify
> the /etc/cups/cupsd.conf or the /etc/cups/cups.d/browsing.conf file:
>
> Browsing Off
>
> FWIW, I did this when I was running Mandriva and wahla! no more messages
> filling up syslog.
>
> On the other end, I am not familiar with firehol.
>
> <snip>
>
> Regards,
>
> Terry
>
>

Yes, that would have fixed the problem,  but the owner of that machine
wants cups browsing.  It's clear that firehol gives you all the
control of logging that iptables gives you, but I haven't yet been
able to find a good example -- since I want the larger amount of
logging for most services.

Barry