
Opened 9 years ago

Closed 8 years ago

Last modified 4 years ago

#4546 closed defect (fixed)

Firewall blocks ICMP traffic by default

Reported by: thomas@…
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: packages
Version: Kamikaze trunk
Keywords: firewall, icmp
Cc:

Description

The firewall blocks ICMP traffic by default on interfaces that are not set to ACCEPT. Blocking ICMP traffic unconditionally may lead to all kinds of network problems that are difficult to track. A sane default (that I am using) is to always accept any ICMP traffic:

config rule
	option proto ICMP
	option target ACCEPT

One might think about adding the possibility to block some selected ICMP messages (like echo-requests), but IMO there is no point to it.


Change History (4)

comment:1 Changed 9 years ago by Maddes <maddes_trac@…>

A patch for adding support to specify the icmp type is available at #5554.

But this does not close the suggestion mentioned here.

comment:2 Changed 9 years ago by Maddes <maddes_trac@…>

Selecting ICMP messages has been added through #5554 and has been in the trunk since revision [17115].
That still leaves the question of whether another default rule should be implemented.
I myself have ICMP packets accepted (and also reject packets rather than drop them).
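
Added example, not part of the original ticket or of OpenWrt's code: a small Python audit that reads a UCI firewall config and reports, per zone, which inbound ICMP types are accepted. It covers both the blanket rule from the description and the per-type rules mentioned in comment 2. The sample config, the function names and the icmp_type option name (not shown on this page) are assumptions, as is the handling of rules without src.

```python
import shlex
# Constructed sample in UCI firewall syntax; not taken from the ticket.
SAMPLE = """\
config zone
    option name wan
    option input REJECT
config zone
    option name lan
    option input ACCEPT
config rule
    option src wan
    option proto icmp
    list icmp_type echo-request
    option target ACCEPT
"""
# The blanket rule quoted in the ticket description.
TICKET_RULE = "config rule\n\toption proto ICMP\n\toption target ACCEPT\n"

def parse_uci(text):
    """Return [(section_type, {option: [values]})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(tok[1], []).extend(tok[2:])
    return sections

def first(opts, key, default=""):
    return opts.get(key, [default])[0]

def icmp_input_policy(text):
    """Map each zone to the inbound ICMP types it accepts (['any'] = all)."""
    sections = parse_uci(text)
    rules = [o for kind, o in sections if kind == "rule"]
    report = {}
    for zone in (o for kind, o in sections if kind == "zone"):
        name = first(zone, "name", "?")
        # Assumption: a zone with no explicit 'input' option does not accept.
        types = {"any"} if first(zone, "input").upper() == "ACCEPT" else set()
        for r in rules:
            is_icmp = "icmp" in [p.lower() for p in r.get("proto", [])]
            # Assumptions: no 'src' = every zone; 'dest' = forwarding rule, skipped.
            if (is_icmp and first(r, "target").upper() == "ACCEPT"
                    and "dest" not in r and first(r, "src", name) == name):
                types.update(r.get("icmp_type", ["any"]))
        report[name] = ["any"] if "any" in types else sorted(types)
    return report
```

An empty list for a zone means no ICMP input rule matched it, which is the situation the ticket describes for zones not set to ACCEPT.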

comment:3 Changed 8 years ago by thepeople

  • Resolution set to fixed
  • Status changed from new to closed
  • Version set to Kamikaze trunk

Ping was allowed in r20261

comment:4 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
