Comment 21 for bug 264333

Bob Blanchard (blabj) wrote :

This problem rears its head in many applications. Some WINE apps, for example, try to connect to ALL defined CUPS printers (regardless of whether they are set as default, or were the "last-used" printer), and hang, waiting for a connection to a remote printer which isn't connected. Another example is "vym", which won't even start if it cannot connect to ALL printers; see https://bugzilla.novell.com/show_bug.cgi?id=418439 ...

Some apps will time out, but some seem to hang forever (Adobe Acrobat).

MacOS uses CUPS - I wonder how it handles the same situation??

Anyway, the best solution I could find so far is based on what was posted above by Sangala, i.e. a script that checks which printer is accessible and IF NOT, rejects packets destined there.

I toyed with the idea of having a script which actually removed the printer from CUPS (lpadmin -x), but re-creating the printer is a little more involved, and it seems like overkill. Unfortunately, disabling or rejecting the printer within CUPS does not stop it from broadcasting the printer to requesting applications.

Anyway, I simplified Sangala's script (removing requirement for MAC) and put it in cron to run every 5 minutes (this is on a server running 24x7 with some off and on VPN connected printers):

#!/bin/bash

PINGTIME=3
PINGCOUNT=1
PINGCMD="/bin/ping"

# processByPing IP PORT
# Pings IP once; if it does not answer, rejects outgoing TCP traffic to IP:PORT.
processByPing(){
  if [ $# -eq 2 ]; then
    if "$PINGCMD" -c "$PINGCOUNT" -q -W "$PINGTIME" "$1" > /dev/null; then
      # Reachable: remove the REJECT rule (errors ignored if it is not present)
      iptables -D OUTPUT -p tcp -d "$1" --dport "$2" -j REJECT &> /dev/null
      #"Printer on IP: $1 port: $2 is accessible"
    else
      # Unreachable: delete first so repeated cron runs do not stack duplicates
      iptables -D OUTPUT -p tcp -d "$1" --dport "$2" -j REJECT &> /dev/null
      iptables -I OUTPUT -p tcp -d "$1" --dport "$2" -j REJECT &> /dev/null
      #"Printer on IP: $1 port: $2 is NOT accessible"
    fi
  else
    echo "Bad parameters" >&2
  fi
}

# Detect remote printers
# List every remote print server or printer:
# 1st argument: IP address
# 2nd argument: port

processByPing 10.8.0.62 631 #vpn connected printer #1
processByPing 10.8.0.74 631 #vpn connected printer #2

exit 0

I saved it as /usr/local/sbin/reject-remote-printers (and chmod 744) and added this to cron:

*/5 * * * * /usr/local/sbin/reject-remote-printers

This way, within 5 minutes of VPN users connecting, their printers are able to receive packets... and within 5 minutes of disconnecting, the packets are rejected.

Thanks Sangala for the idea! It may be convoluted, but it works!!
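
A variant of the script in the comment above, added here as an example and not part of the original comment: it asks iptables whether the REJECT rule already exists (`iptables -C`) and only inserts or deletes when the printer's reachability has changed, so the 5-minute cron run leaves the OUTPUT chain untouched in the steady state. The names `sync_reject_rule`, `reject_rule`, `printer_up`, `LAST_ACTION` and the overridable `PING`/`IPT` variables are assumptions of this example.

```bash
#!/bin/bash
# Added example, not part of the original comment.
# PING and IPT are overridable (an assumption of this example) so the logic
# can be exercised with stub commands, without root.
PING=${PING:-/bin/ping}
IPT=${IPT:-iptables}
LAST_ACTION=""

# Run one iptables operation (-C check, -I insert, -D delete) on the REJECT
# rule for destination IP $2, TCP port $3.
reject_rule() {
  "$IPT" "$1" OUTPUT -p tcp -d "$2" --dport "$3" -j REJECT 2>/dev/null
}

# ICMP reachability, as in the script above. A TCP probe of the printer port
# would not work as the check: once the REJECT rule is in place, the probe
# itself would be rejected and the printer would never be seen as back.
printer_up() {
  "$PING" -c 1 -q -W 3 "$1" >/dev/null 2>&1
}

# Bring the rule in line with reachability; sets LAST_ACTION to add|remove|keep.
sync_reject_rule() {
  if [ $# -ne 2 ]; then
    echo "usage: sync_reject_rule IP PORT" >&2
    return 2
  fi
  if reject_rule -C "$1" "$2"; then srr_present=yes; else srr_present=no; fi
  if printer_up "$1"; then
    if [ "$srr_present" = yes ]; then
      reject_rule -D "$1" "$2" || return 1   # printer is back: stop rejecting
      LAST_ACTION=remove
    else
      LAST_ACTION=keep
    fi
  elif [ "$srr_present" = no ]; then
    reject_rule -I "$1" "$2" || return 1     # printer is gone: start rejecting
    LAST_ACTION=add
  else
    LAST_ACTION=keep
  fi
  echo "$1:$2 $LAST_ACTION"
}
```

Called once per printer, for instance `sync_reject_rule 10.8.0.62 631`, it takes the place of the `processByPing` lines and needs root like the original.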