Description of problem: Mentioned already in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214117#c6 but probably overseen, lokkit uses wrong ICMPv6 type for rejects, which results in different behavior than in IPv4 ruleset. Version-Release number of selected component (if applicable): system-config-securitylevel-1.7.0-5.fc7 How reproducible: Always Steps to Reproduce: 1. Generate standard ruleset Actual results: # grep REJECT ip*tables ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable ip6tables:-A FORWARD -j REJECT --reject-with icmp6-port-unreachable iptables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited iptables:-A FORWARD -j REJECT --reject-with icmp-host-prohibited Expected results: ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited ip6tables:-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-securitylevel'
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.