|
Bugzilla – Full Text Bug Listing |
| Summary: | SuSEfirewall2: add FW_REJECT_INT="yes" | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE Linux 10.1 | Reporter: | Johannes Meixner <jsmeix> |
| Component: | Security | Assignee: | Ludwig Nussel <lnussel> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | CC: | lnussel |
| Version: | Beta 2 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Found By: | Development | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 1
Ludwig Nussel
2006-02-01 15:16:06 UTC
done It seems the default for the INT zone is still "drop" (because in SuSEfirewall2.sysconfig there is only FW_REJECT=""). Is it insecure to "reject" by default for the INT zone? Ah, somehow overlooked that you are stressing the default case. I changed that now. The new setting also affects the forward chain, let's see if we get complaints about masquerading. |