Bug 292741 - RFE: Firewall has no way to block "ping" (ICMP)
RFE: Firewall has no way to block "ping" (ICMP)
Product: Fedora
Classification: Fedora
Component: system-config-firewall (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2007-09-17 02:58 EDT by Andy
Modified: 2008-05-05 06:34 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-05 06:34:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andy 2007-09-17 02:58:16 EDT
Description of problem: Fedora 8 Test2 - The firewall has no option to block
"ping" (ICMP). I've tested F8 using the "Shields Up" test (http://www.grc.com)
and the only vulnerability that was found was that F8 responds to pings.  

Version-Release number of selected component (if applicable): Fedora 8 Test2

How reproducible: Very. Select System, Admin, Firewall. Nowhere in the firewall
settings is there an option to block ping. Compare this to the Firestarter
firewall where ping is easily blocked - just select "Preferences, ICMP filtering". 

Fedora is supposed to be one of the most secure distros, so imo this is a
serious oversight and should be fixed.  

Steps to Reproduce:
1. Go into the firewall settings ("System", "Admin", "firewall"). 
2. Look for an option to block ping. You'll be looking for a long time... ;-) 
Actual results: Result is that distro is vulnerable, and if you want to block
ping, you need to grovel around with a config file. Not acceptable for such an
obvious and glaring security hole.  

Expected results: Being rootkitted...

Additional info:
Comment 1 Thomas Woerner 2007-11-06 08:24:23 EST
Assigning to system-config-firewall.
Comment 2 Thomas Woerner 2007-11-21 07:19:21 EST
Assigning to devel.
Comment 3 Jon Stanley 2008-04-23 16:30:50 EDT
Adding FutureFeature keyword to RFE's.
Comment 4 Thomas Woerner 2008-05-05 06:34:35 EDT
Fixed in rawhide in package system-config-firewall-1.2.6-1 or newer.

Note You need to log in before you can comment on or make changes to this bug.