In this forum under 'localhost:631: printer problem (solved)', thread 87, Trihexagonal suggested that I add the undermentioned code to get my HP printer working. This suggestion came from him after numerous users attempted helpful replies to my posts for help. His suggestion was remarkably helpful & successful. Why? Because it contained information that as a new user I seemingly would never have become aware of, and especially given he said he was not using CUPS.
I invite Trihexagonal or others to tell me how a new user would be able to find out that the specifics of this particular code are, in fact, probably the only viable fix. Is the answer buried in the manual or some other BSD documentation?
As such, my current thought (and you may easily be able to disabuse me) is that there should be, at least, some rudimentary lead-in to printer setups in the OS setup. However, it seems this would be a no-no, and go against the grain of longstanding, traditionally established setup procedures for Linux/Unix.
I would be interested in your thoughts.
Code:
### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"
### Allow CUPS to use tcp ports 80 and 631 and udp port 631
cups_tcp = "{ 80, 631 }"
cups_udp = "{ 631 }"
### Allow CUPS to be accessible (change to your other machine's ifconfig -a LAN address)
table <local> { 192.168.1.104 }
### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble
### Default deny everything
block log all
### Pass loopback
set skip on lo0
### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state
### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any
### Block all IPv6
block in quick inet6 all
block out quick inet6 all
### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0
### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp
### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state
### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state