Bug 250915 - lokkit uses wrong ICMPv6 type for rejects (unreachable instead of adm-prohibited)
Summary: lokkit uses wrong ICMPv6 type for rejects (unreachable instead of adm-prohibi...
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel   
(Show other bugs)
Version: 7
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-08-05 07:42 UTC by Peter Bieringer
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: 1.7.0-6.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 03:41:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Peter Bieringer 2007-08-05 07:42:41 UTC
Description of problem:
Mentioned already in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214117#c6 but probably
overseen, lokkit uses wrong ICMPv6 type for rejects, which results in different
behavior than in IPv4 ruleset.

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.7.0-5.fc7

How reproducible:
Always

Steps to Reproduce:
1. Generate standard ruleset
  
Actual results:
# grep REJECT ip*tables
ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable
ip6tables:-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
iptables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
iptables:-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Expected results:
ip6tables:-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
ip6tables:-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited

Comment 1 Fedora Update System 2007-11-09 23:58:48 UTC
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-securitylevel'

Comment 2 Fedora Update System 2007-11-15 03:41:19 UTC
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.