Avahi-Daemon open network ports, is it safe to disable?

I saw in my Firewall that Avahi-Daemon is open ports,
even when my system is idle and im doing nothing and everything closed.

Is it really necessary, that this ports are open? Can i disable this service without breaking Network and making my OS unstable?

Avahi looks to me like a remote access program, i have a feeling this tool adds security risks to Manjaro.

Anyone can recommend a way to close this ports or to disable this tool or other dependencies that may open this ports for Avahi and are not system relevant?

Those are unprivileged ports. They are perfectly safe.

It’s not. It’s just a framework to help discover services available on the local network ─ e.g. a networked printer or scanner ─ without needing any manual configuration.

You can disable Avahi if you don’t need it, but there’s not much of a point in doing so. It’s not a security hazard and it also doesn’t consume many CPU cycles.

sudo systemctl disable --now avahi-daemon.service
sudo systemctl mask avahi-daemon.service
2 Likes

Thanks for your feedback.

Is there a remote access program in Manjaro/KDE preinstalled?

I don’t use this devices, i only have a fritzbox router with nothing connected excluded my PC. I hope its save to disable this feature without getting bugs.

I just want to close as many ports as possible.

Could you explain for what is “mask” good for?

Could you give me also a command for re-enable this service?

Well, openssh comes installed as standard, but the sshd server is not enabled by default.

It prevents a disabled service from automatically being started if something like an update to systemd would be inclined to start it. “Masked” in this context simply means “No, I do not want this thing running, so leave it alone.”

sudo systemctl unmask avahi-daemon.service
sudo systemctl enable --now avahi-daemon.service
1 Like

If you experience errors after disabling it, you’re free to reenable it (unmask, enable, start).

what about:

avahi-daemon.socket

and

cups-browsed.service

is it needed to take care of those too?

Technically, you could also mask the socket, but the socket normally only gets created when the service is running, so it’s not really a problem.

A socket is just a form of interprocess communication between processes that deal with network traffic without forcing them to use TCP/IP. :wink:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.