147263 – SuSEfirewall2: add FW_REJECT_INT="yes"

Bug 147263 - SuSEfirewall2: add FW_REJECT_INT="yes"

Summary: SuSEfirewall2: add FW_REJECT_INT="yes"

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE Linux 10.1
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Beta 2
Hardware:	Other Linux

Priority:	P5 - None Severity: Enhancement (vote)
Target Milestone:	---
Assignee:	Ludwig Nussel
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2006-02-01 15:05 UTC by Johannes Meixner
Modified:	2006-09-20 12:58 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Ludwig Nussel 2006-02-01 15:16:06 UTC

jo

Comment 2 Ludwig Nussel 2006-09-20 12:01:34 UTC

done

Comment 3 Johannes Meixner 2006-09-20 12:34:25 UTC

It seems the default for the INT zone is still "drop"
(because in SuSEfirewall2.sysconfig there is only FW_REJECT="").

Is it insecure to "reject" by default for the INT zone?

Comment 4 Ludwig Nussel 2006-09-20 12:58:22 UTC

Ah, somehow overlooked that you are stressing the default case. I changed that now. The new setting also affects the forward chain, let's see if we get complaints about masquerading.