Red Hat Bugzilla – Bug 292741
RFE: Firewall has no way to block "ping" (ICMP)
Last modified: 2008-05-05 06:34:35 EDT
Description of problem:
Fedora 8 Test2 - The firewall has no option to block "ping" (ICMP). I've tested
F8 using the "Shields Up" test (http://www.grc.com) and the only vulnerability
that was found was that F8 responds to pings.
Version-Release number of selected component (if applicable):
Fedora 8 Test2
How reproducible:
Very. Select System, Admin, Firewall. Nowhere in the firewall settings is there
an option to block ping. Compare this to the Firestarter firewall where ping is
easily blocked - just select "Preferences, ICMP filtering". Fedora is supposed
to be one of the most secure distros, so imo this is a serious oversight and
should be fixed.
Steps to Reproduce:
1. Go into the firewall settings ("System", "Admin", "firewall").
2. Look for an option to block ping. You'll be looking for a long time... ;-)
Actual results:
Result is that distro is vulnerable, and if you want to block ping, you need to
grovel around with a config file. Not acceptable for such an obvious and glaring
security hole.
Expected results:
Being rootkitted...
Assigning to system-config-firewall.
Assigning to devel.
Adding FutureFeature keyword to RFEs.
Fixed in rawhide in package system-config-firewall-1.2.6-1 or newer.