Bug 44038
Summary: | errors in ifup-post firewalling script | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | seifried <seifried> |
Component: | initscripts | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | pekkas, rvokal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-08-09 05:12:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
seifried
2001-06-10 04:58:56 UTC
Changing to initscripts component. If your UDP scan src address is spoofed, you don't get any replies anyway (unless you do some special tricks like spoof the src to be something other in your LAN, and run tcpdump in promisc mode). Also, the rules were justified by the fact that if your DNS server is compromised, this is the least they can do. Nonetheless, I agree that the rules should be stricter. These rules are the same as any original rules created by the firewall tool, so I'm probably not going to change them. Actually, the sport will be changed in 6.13-1. |