[sane-devel] iptables and saned network scanner / xinetd saned groups

Jelle de Jong jelledejong at powercraft.nl
Wed Sep 24 10:05:22 UTC 2008

Hash: SHA1

Jelle de Jong wrote:
> Dear list members,
> This is my first email to this specific list, so let me say hello to you
> all and thank you for your work on the sane-project.
> I am trying to build a saned network scanner. I figured out a lot of
> things on my own, but got stuck on the required secure iptable rules.
> Would somebody be willing to take a look at my iptable setup and add the
> required setup rules? The system is in production, so it needs to be as
> secure as possible. I also attached my setup documentation with
> debugging info and the reported iptable denyal.
> Any help would be appreciated,
> Best regards,
> Jelle de Jong

I finally fixed the actual issue, and documented everything extensively
(see attachment) I strongly advice the sane-project to update there

The behind problem was that the 'groups = yes' option was not
documentation in man saned or the web pages. If this option is not given
xinetd will strip the scanner group and everything seems to be working
but the scaned process started by xinetd cant access the device ...

# IMPORTANT: add 'groups = yes' to the configuration, else xinetd strips
the scanner group and is unable to access the device!
# see -> man xinetd.conf

Thanks to everybody trying to help.

Kind regards,

Jelle de Jong
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: saned-network-scanner.txt
Url: http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20080924/e67a5e7f/attachment-0001.txt 

More information about the sane-devel mailing list