[Nix-dev] Enabling CUPS unconditionally allows UDP/631 on the firewall

[Peter Simons]

Hi,

 > Running sshd without port 22 open doesn't make much sense.

well, I know at least one person who has a locally running SSH daemon
for no reason other than being able to use "ssh root at localhost" as a
fancy replacement for sudo. For that use case, it's not necessary (nor
desirable) to have the firewall enable access from the outside world.

Personally, I would argue that no service should open up ports in the
firewall, ever. Only the administrator should do that.

Just my 2 cents,
Peter