https://bugzilla.novell.com/show_bug.cgi?id=368534

Summary: make SuSEfirewall2's default to REJECT instead of DROP, reply to pings
Product: openSUSE 11.0
Version: Alpha 2
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: Andreas.Stieger@gmx.de
QAContact: qa@suse.de
Found By: Customer

SuSEfirewall2 should default to REJECT instead of DROP and reply to pings.

Using DROP instead of REJECT and not replying to pings adds nothing to security. It creates a false sense of security for the user. It does not comply with TCP/IP standards. It may slow down port scans, but does not prevent them. With this stealth behaviour in place, network debugging gets harder. This reduces perceived product quality.

The default in /etc/sysconfig/SuSEfirewall2, and the program that creates the file (not owned by any package), and the program's default behaviour on missing settings should be:

FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
FW_REJECT="yes"
FW_REJECT_INT="yes"

(currently "no" on all five)
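
An added example, not part of the bug report or of SuSEfirewall2: a Python check that reads sysconfig-style text and lists which of the five variables named above differ from the values the report proposes. It assumes that a missing or empty variable behaves like the current "no"; the function names and the sample file contents are constructed for illustration.

```python
import shlex

# Values the report proposes for /etc/sysconfig/SuSEfirewall2.
PROPOSED = {
    "FW_ALLOW_PING_FW": "yes",
    "FW_ALLOW_PING_DMZ": "yes",
    "FW_ALLOW_PING_EXT": "yes",
    "FW_REJECT": "yes",
    "FW_REJECT_INT": "yes",
}
ASSUMED_DEFAULT = "no"  # assumption: missing or empty is treated like the current "no"

def parse_sysconfig(text):
    """Parse KEY="value" lines; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, rest = line.partition("=")
        try:
            # shlex removes the quotes and drops a trailing "# comment"
            tokens = shlex.split(rest, comments=True)
        except ValueError:
            continue  # unbalanced quotes: skip the line rather than guess
        settings[key.strip()] = tokens[0] if tokens else ""
    return settings

def audit(text):
    """Return {variable: effective value} for each one that differs from PROPOSED."""
    settings = parse_sysconfig(text)
    findings = {}
    for key, wanted in PROPOSED.items():
        effective = (settings.get(key) or ASSUMED_DEFAULT).lower()
        if effective != wanted:
            findings[key] = effective
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = '''
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_EXT="no"   # stealth
FW_REJECT=yes
FW_REJECT_INT=""
'''

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: effective {value!r}, report proposes {PROPOSED[name]!r}")
```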