Bug 90431

Summary: Firewall scripts do not conform to RFCs
Product: [Retired] Red Hat Linux Reporter: Andreas Thienemann <andreas>
Component: rp-pppoeAssignee: Than Ngo <than>
Status: CLOSED WONTFIX QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: mitr, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-18 14:59:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andreas Thienemann 2003-05-08 03:18:01 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
The firwall scripts firewall-masq and firewall-standalone, located in /etc/ppp
as soon as the rp-pppoe package is installed, do not conform to current internet
standards as defined by the RFCs.

The firewall scripts do block ICMP echo requests.

STD 0003 Requirements for Internet Hosts. R. Braden, Ed.. October 1989. (Also
RFC1122, RFC1123) does define:


3.2.2.6  Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo
Requests and sends corresponding Echo Replies.
A host SHOULD also implement an application-layer interface for sending an Echo
Request and receiving an Echo Reply, for diagnostic purposes.



Version-Release number of selected component (if applicable):
3.5-2

How reproducible:
Always

Steps to Reproduce:
1. activate the firewall
2. ping the host


Actual Results:  No ICMP ECHO REPLY, nor any ICMP Error Message

Expected Results:  Reception of an ICMP ECHO REPLY

Additional info:
Comment 1 Than Ngo 2003-06-18 14:59:19 UTC 
firewall-masq and firewall-standalone will be obsolete in next release.