Public IP open-port security question: should non-essential ports be closed?
Hey there, let's break this down clearly for you!
First off, the core rule here is: any public-facing port you aren't actively using should be closed. Open ports are like unlocked doors to your network—each one gives potential attackers an extra chance to find a way in, even if the service itself seems harmless.
Let's specifically talk about port 631 (IPP) since you mentioned it:
- Since you only use local printers, there's zero reason to have this port open to the public internet. IPP is meant for remote printing access, but if all your printers are only used on your local LAN, leaving 631 exposed just creates unnecessary risk. Attackers could exploit known vulnerabilities in IPP services to gain access to your network, or even take control of your printers (yes, that's a real thing!).
Here are some actionable steps to clean this up:
- Identify what's listening on each open port: On Windows, run `netstat -ano` in Command Prompt to see which processes are using each port. On Linux/macOS, use `ss -tulpn` instead. This will tell you exactly which services are behind those open ports.
- Disable unused services: If a port is tied to a service you don't need (like remote printing in this case), turn that service off entirely in your system settings.
- Lock down your router: Most public IPs from ISPs go through a home router first. Check your router's port forwarding settings—if you accidentally set up forwarding for any of these ports, delete those rules immediately. Router-level firewall rules are your first line of defense against unwanted public access.
- Scan regularly: Use a tool like `nmap` (just make sure you only scan your own IP—scanning others' is unethical and often illegal) to periodically check your port status, so you can catch any unexpected openings early.
If you're ever unsure about a specific port's purpose, you can look up its common use cases, but always default to closing it unless you know exactly why it needs to be open.
Note: content sourced from Stack Exchange; question asked by Tafriqt.
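To make the "identify what's listening" step concrete, here is an added example (not part of the original answer) that parses `ss -tulpn` output and reports listeners that accept non-local connections on ports you have not declared as needed. The sample output, the process names and the allowlist `{22}` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -tulpn` output (illustrative, not from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=701,fd=12))
tcp   LISTEN 0      128    0.0.0.0:631        0.0.0.0:*         users:(("cupsd",pid=812,fd=8))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=555,fd=14))
tcp   LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=930,fd=5))
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=812,fd=7))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=640,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in the users:((...)) column


def is_loopback_only(addr):
    """True if the bind address is reachable only from this machine."""
    addr = addr.split("%", 1)[0].strip("[]")   # drop %iface scope and IPv6 brackets
    if addr == "*":                            # ss prints * for a dual-stack wildcard
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_listeners(ss_output, needed_ports):
    """Return sorted (proto, port, bind_addr, process) for listeners that accept
    non-local connections on ports outside the needed_ports allowlist."""
    findings = set()
    for line in ss_output.splitlines()[1:]:    # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if is_loopback_only(addr) or int(port) in needed_ports:
            continue
        match = PROC_RE.search(line)
        findings.add((proto, int(port), addr, match.group(1) if match else "?"))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: SSH (22) is the only service this host is meant to offer.
    for proto, port, addr, proc in exposed_listeners(SAMPLE_SS_OUTPUT, {22}):
        print(f"{proto}/{port} bound to {addr} by {proc}: disable it or bind to 127.0.0.1")
```

A wildcard bind such as `0.0.0.0:631` means the service answers on every network the host is attached to; whether it is reachable from the internet still depends on the router's port forwarding and firewall rules.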




