Bug 617748

Summary: YaST2 Printer [share printers] lacking "open port in firewall" checkbox.
Product: [openSUSE] openSUSE 11.2 Reporter: Pascal Bakhuis <pBakhuis>
Component: YaST2Assignee: Michal Zugec <mzugec>
Status: RESOLVED INVALID QA Contact: Jiri Srain <jsrain>
Severity: Enhancement    
Priority: P5 - None CC: jsmeix
Version: Final   
Target Milestone: ---   
Hardware: All   
OS: openSUSE 11.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Displays the inconsistency between open firewall port messages in different YaST2 modules.

Description Pascal Bakhuis 2010-06-27 18:32:47 UTC 
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9

The YaST2 printer module is displaying the text "If a firewall is used, check that remote access to cups is allowed via IPP on port 631". In other windows (http server/samba server) a checkbox is shown with the text "Open port in firewall" along with if the port is open or not and a "Firewall details" button.

So for the sake of consistency and ease of use the same checkbox should be added to the printer / share printer window / screen.

Reproducible: Always
Comment 1 Pascal Bakhuis 2010-06-27 18:34:45 UTC 
Created attachment 371976 [details]
Displays the inconsistency between open firewall port messages in different YaST2 modules.
Comment 2 Jozef Uhliarik 2010-06-28 06:57:43 UTC 
Miso it is for you.
Comment 3 Johannes Meixner 2010-06-28 07:31:47 UTC 
There is intentionally no function to open
any ports in the firewall regarding printing
in the YaST printer module because in the
normal use cases opening ports regarding printing
results a security hole and I will not provide
easy-to-use functions which results in the
normal use cases a security hole

Therefore this enhancement request is invalid.

If you think you need to open any port in the firewall
regarding printing, your basic network and firewall setup
is very likely not correct (it may work for you but it is
very likely not both working _and_ secure).

For background information and details, see
http://en.opensuse.org/SDB%3ACUPS_and_SANE_Firewall_settings

If you have intentionally set up a very special network environment
with a matching special firewall setup where you may actually need
to open ports in the firewall regarding printing, you must use
the YaST firewall module for such a special firewall setup.
Comment 4 Johannes Meixner 2010-06-29 09:14:37 UTC 
FYI:

See
https://bugzilla.novell.com/show_bug.cgi?id=468426#c8
why it has become impossible in practice to call functions
of yast2-firewall to implement a reliable working firewall
setup in yast2-printer.

The hardcoded text "If a firewall is used, check that remote
access to cups is allowed via IPP on port 631" is already
removed, see bug 549065.

After bug 549065 the help texts were simplified and contain links to
http://en.opensuse.org/SDB%3ACUPS_and_SANE_Firewall_settings

Furthermore see "Regarding comment..." in
https://bugzilla.novell.com/show_bug.cgi?id=610327#c6