On Sun, Apr 21, 2013 at 09:40:30PM +0200, Carlos E. R. wrote:
On Sunday, 2013-04-21 at 21:10 +0200, Togan Muftuoglu wrote:
On 04/21/2013 08:19 PM, Carlos E. R. wrote:
Telcontar:~ # grep safe_icmp SuSEfirewall2 grep: SuSEfirewall2: No such file or directory Telcontar:~ #
Sorry I was running the grep in the git source directory, you want to grep in the /sbin/SuSEfirewall2 but the safest is
sudo which SuSEfirewall2 | xargs grep safe_icmp
Telcontar:~ # which SuSEfirewall2 | xargs grep safe_icmp safe_icmp_replies="echo-reply destination-unreachable time-exceeded parameter-problem timestamp-reply address-mask-reply protocol-unreachable redirect" safe_icmpv6_replies="echo-reply destination-unreachable packet-too-big time-exceeded parameter-problem" for itype in $stateless_icmpv6_types $safe_icmpv6_replies; do # local icmp_types="$safe_icmp_replies" # icmp_types="$safe_icmpv6_replies" for itype in $safe_icmp_replies; do for itype in $safe_icmpv6_replies; do Telcontar:~ #
Anyway, I can not report anything: a bug in 12.1 will be ignored.
The problem exists in the git version of SuSEFirewall2 so I do not think openSUSE version is important here
Possibly, but Bugzillas reported against 12.1 will not be investigated because it goes out of maintenance in two months, IIRC. Please remember that two months _before_ the official demise of 11.4, a lot of bugs were routinely closed (the decision to do so was posted here), without even reading many of them.
Thus, sorry, I'm not going to waste time reporting a bug that will not be investigated at all.
I have, in fact, reported bugs on 12.3 which got no response yet. I don't see much incentive to reporting even on recent versions... :-(
That probably depends on the assignee, but should not stop you. BTW this block is also active for ICMP handling and if the DNS query was timely before, it should be arriving via related: # need to accept icmp RELATED packets (bnc#382004) $LAA $IPTABLES -A INPUT ${LOG}"-IN-ACC-REL " -p icmp -m conntrack --ctstate RELATED $IPTABLES -A INPUT -j "$ACCEPT" -p icmp -m conntrack --ctstate RELATED $LAA $IP6TABLES -A INPUT ${LOG}"-IN-ACC-REL " -p icmpv6 -m conntrack --ctstate RELATED $IP6TABLES -A INPUT -j "$ACCEPT" -p icmpv6 -m conntrack --ctstate RELATED This btw goes for the other routing related ICMP types that people missed by direct greps. CIao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org