Hello community, here is the log from the commit of package SuSEfirewall2 checked in at Wed Apr 23 00:32:21 CEST 2008. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2008-04-17 14:55:37.000000000 +0200 +++ /mounts/work_src_done/NOARCH/SuSEfirewall2/SuSEfirewall2.changes 2008-04-22 11:10:16.000000000 +0200 @@ -1,0 +2,5 @@ +Tue Apr 22 11:10:10 CEST 2008 - lnussel@suse.de + +- accept icmp RELATED packets (bnc#382004) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6_SVNr194.tar.bz2 New: ---- SuSEfirewall2-3.6_SVNr195.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.L17284/_old 2008-04-23 00:32:06.000000000 +0200 +++ /var/tmp/diff_new_pack.L17284/_new 2008-04-23 00:32:06.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6_SVNr194) +# spec file for package SuSEfirewall2 (Version 3.6_SVNr195) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,7 +13,7 @@ Name: SuSEfirewall2 -Version: 3.6_SVNr194 +Version: 3.6_SVNr195 Release: 1 License: GPL v2 or later Group: Productivity/Networking/Security @@ -188,6 +188,8 @@ rm -rf %{buildroot} %changelog +* Tue Apr 22 2008 lnussel@suse.de +- accept icmp RELATED packets (bnc#382004) * Thu Apr 17 2008 lnussel@suse.de - sysconfig file documentation improvements * Fri Apr 04 2008 lnussel@suse.de ++++++ SuSEfirewall2-3.6_SVNr194.tar.bz2 -> SuSEfirewall2-3.6_SVNr195.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr194/SuSEfirewall2 new/SuSEfirewall2-3.6_SVNr195/SuSEfirewall2 --- old/SuSEfirewall2-3.6_SVNr194/SuSEfirewall2 2008-04-04 10:05:24.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr195/SuSEfirewall2 2008-04-22 11:09:33.000000000 +0200 @@ -558,6 +558,10 @@ $LAA $iptables -A INPUT ${LOG}"-IN-ACC-EST " -m state --state ESTABLISHED $iptables -A INPUT -j "$ACCEPT" -m state --state ESTABLISHED + # need to accept icmp RELATED packets (bnc#382004) + $LAA $iptables -A INPUT ${LOG}"-IN-ACC-REL " -p icmp -m state --state RELATED + $iptables -A INPUT -j "$ACCEPT" -p icmp -m state --state RELATED + # if two hosts have a tcp connection on fixed ports and # one of the hosts crashes it will send a SYN to the # peer if it comes back up. The peer sends back ACK as @@ -1382,7 +1386,7 @@ done fi -# not needed as there is a generic accept rule for ESTABLISHED,RELATED +# not needed as there is a generic accept rule for ICMP RELATED packets # local icmp_types="$safe_icmp_replies" # for itype in $icmp_types; do # for chain in $input_zones; do ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org