On 04/21/2013 08:01 PM, Carlos E. R. wrote:
On Sunday, 2013-04-21 at 19:29 +0200, Togan Muftuoglu wrote:
On 04/21/2013 05:43 PM, Cristian Rodríguez wrote:
Yes, also the following icmp types must never be blocked, if SUSEfirewall does not implicitely creates rules always allowing them, then it is absolutely retarded and you should not use it.
In SuSEfirewall2 safe_icmp_replies and safe_icmp_replies6 defines what are allowed
- icmp fragmentation-needed
That one is missing
- icmp time-exceeded
It is there
Carlos, maybe better to bugzilla the icmp fragmentation-needed
Sorry people, I got lost in the way :-)
I don't know what settings you are checking, those are not variables in the "/etc/sysconfig/SuSEfirewall2" file, and thus I have no idea what I should report.
They are not settings but the predefined icmp types in the SuSEfirewall2, grep safe_icmp SuSEfirewall2 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org