Bug 90431 - Firewall scripts do not conform to RFCs
Summary: Firewall scripts do not conform to RFCs
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rp-pppoe   
(Show other bugs)
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2003-05-08 03:18 UTC by Andreas Thienemann
Modified: 2015-01-08 00:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-18 14:59:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Andreas Thienemann 2003-05-08 03:18:01 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
The firwall scripts firewall-masq and firewall-standalone, located in /etc/ppp
as soon as the rp-pppoe package is installed, do not conform to current internet
standards as defined by the RFCs.

The firewall scripts do block ICMP echo requests.

STD 0003 Requirements for Internet Hosts. R. Braden, Ed.. October 1989. (Also
RFC1122, RFC1123) does define:  Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo
Requests and sends corresponding Echo Replies.
A host SHOULD also implement an application-layer interface for sending an Echo
Request and receiving an Echo Reply, for diagnostic purposes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. activate the firewall
2. ping the host

Actual Results:  No ICMP ECHO REPLY, nor any ICMP Error Message

Expected Results:  Reception of an ICMP ECHO REPLY

Additional info:

Comment 1 Ngo Than 2003-06-18 14:59:19 UTC
firewall-masq and firewall-standalone will be obsolete in next release.

Note You need to log in before you can comment on or make changes to this bug.