-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2013-04-21 at 19:29 +0200, Togan Muftuoglu wrote:
On 04/21/2013 05:43 PM, Cristian Rodríguez wrote:
Yes, also the following icmp types must never be blocked, if SUSEfirewall does not implicitely creates rules always allowing them, then it is absolutely retarded and you should not use it.
In SuSEfirewall2 safe_icmp_replies and safe_icmp_replies6 defines what are allowed
- icmp fragmentation-needed
That one is missing
- icmp time-exceeded
It is there
Carlos, maybe better to bugzilla the icmp fragmentation-needed
Sorry people, I got lost in the way :-) I don't know what settings you are checking, those are not variables in the "/etc/sysconfig/SuSEfirewall2" file, and thus I have no idea what I should report. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlF0KZ4ACgkQtTMYHG2NR9WqKACfYzgWUEZPSvaC4sYJ8GE3GFZv BOkAn32EukS0/mRc4e8KEnC1pKw2E9Xa =QiOb -----END PGP SIGNATURE-----