Bug 90431 - Firewall scripts do not conform to RFCs
Firewall scripts do not conform to RFCs
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: rp-pppoe (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-05-07 23:18 EDT by Andreas Thienemann
Modified: 2015-01-07 19:05 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-06-18 10:59:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Andreas Thienemann 2003-05-07 23:18:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
The firwall scripts firewall-masq and firewall-standalone, located in /etc/ppp
as soon as the rp-pppoe package is installed, do not conform to current internet
standards as defined by the RFCs.

The firewall scripts do block ICMP echo requests.

STD 0003 Requirements for Internet Hosts. R. Braden, Ed.. October 1989. (Also
RFC1122, RFC1123) does define:


3.2.2.6  Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo
Requests and sends corresponding Echo Replies.
A host SHOULD also implement an application-layer interface for sending an Echo
Request and receiving an Echo Reply, for diagnostic purposes.



Version-Release number of selected component (if applicable):
3.5-2

How reproducible:
Always

Steps to Reproduce:
1. activate the firewall
2. ping the host


Actual Results:  No ICMP ECHO REPLY, nor any ICMP Error Message

Expected Results:  Reception of an ICMP ECHO REPLY

Additional info:
Comment 1 Ngo Than 2003-06-18 10:59:19 EDT
firewall-masq and firewall-standalone will be obsolete in next release.

Note You need to log in before you can comment on or make changes to this bug.