Bug 250915 - lokkit uses wrong ICMPv6 type for rejects (unreachable instead of adm-prohibited)
lokkit uses wrong ICMPv6 type for rejects (unreachable instead of adm-prohibi...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-05 03:42 EDT by Peter Bieringer
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 1.7.0-6.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-14 22:41:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2007-08-05 03:42:41 EDT
Description of problem:
Mentioned already in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214117#c6 but probably
overseen, lokkit uses wrong ICMPv6 type for rejects, which results in different
behavior than in IPv4 ruleset.

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.7.0-5.fc7

How reproducible:
Always

Steps to Reproduce:
1. Generate standard ruleset
  
Actual results:
# grep REJECT ip*tables
ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable
ip6tables:-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
iptables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
iptables:-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Expected results:
ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
ip6tables:-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
Comment 1 Fedora Update System 2007-11-09 18:58:48 EST
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-securitylevel'
Comment 2 Fedora Update System 2007-11-14 22:41:19 EST
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.