Enhancement #2571

Firewall ping response

Added by Filippo Carletti over 7 years ago. Updated over 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-firewall-base
Target version:v6.5-beta3
Resolution: NEEDINFO:No

Description

NethServer firewall disables ping responses from the internet by
default, but this behaviour confuses the sysadmin when trying to
diagnose network problems.
I know that a lot of people prefer to have ping responses disabled,
but it's only security through obscurity and it adds nothing to real
security.

I propose to change the default to enabled ping responses, with a db
prop to disable pings.

Relevant template fragment:
/etc/e-smith/templates/etc/shorewall/rules/20ping

Associated revisions

Revision 503eed4f
Added by Filippo Carletti over 7 years ago

Enable firewall ping response. Refs #2571

History

#1 Updated by Filippo Carletti over 7 years ago

  • Status changed from NEW to TRIAGED
  • Assignee set to Filippo Carletti
  • % Done changed from 0 to 20

#2 Updated by Filippo Carletti over 7 years ago

  • Status changed from TRIAGED to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 20 to 60

Test: update nethserver-firewall-base and ping wan (red) interface: it should answer ping requests.

#3 Updated by Davide Principi over 7 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-firewall-base-1.0.7-1.0git503eed4f.ns6.noarch.rpm

#4 Updated by Davide Principi over 7 years ago

  • Assignee set to Davide Principi

#5 Updated by Davide Principi over 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

Ping responses after upgrading to nethserver-firewall-base-1.0.7-1.0git503eed4f.ns6.noarch.rpm

#6 Updated by Davide Principi over 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-firewall-base-1.0.8-1.ns6.noarch.rpm

Also available in: Atom PDF