Red Hat Bugzilla – Bug 90431
Firewall scripts do not conform to RFCs
Last modified: 2015-01-07 19:05:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
The firwall scripts firewall-masq and firewall-standalone, located in /etc/ppp
as soon as the rp-pppoe package is installed, do not conform to current internet
standards as defined by the RFCs.
The firewall scripts do block ICMP echo requests.
STD 0003 Requirements for Internet Hosts. R. Braden, Ed.. October 1989. (Also
RFC1122, RFC1123) does define:
18.104.22.168 Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo
Requests and sends corresponding Echo Replies.
A host SHOULD also implement an application-layer interface for sending an Echo
Request and receiving an Echo Reply, for diagnostic purposes.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. activate the firewall
2. ping the host
Actual Results: No ICMP ECHO REPLY, nor any ICMP Error Message
Expected Results: Reception of an ICMP ECHO REPLY
firewall-masq and firewall-standalone will be obsolete in next release.