0000566: Local Network Ping Limit Unacceptable - Mantis

Endian Issue Tracker

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

ID

Category

Severity

Reproducibility

Date Submitted

Last Update

0000566

[Endian Firewall] Firewall (iptables)

minor

always

2008-02-15 21:32

2008-07-27 22:18

Reporter

jaebird

View Status

public

Assigned To

peter

Priority

normal

Resolution

fixed

Status

closed

Product Version

2.2-beta2

Summary

0000566: Local Network Ping Limit Unacceptable

Description

In our use of endian we use ping to verify that the network is available to remote network nodes. They ping the default gateway, which happens to be endian firewall. The default setup limits the ping responses to once per second. This causes remote nodes to timeout when more than one node is "pinging" endian.

Additional Information

WARNING: I have not evaluated the DOS security implications of the following workaround.

Workaround:

In the following file:
/usr/local/bin/setxtaccess.py

comment out the line below:
# iptables += " -m limit --limit 1/second"

Tags

No tags attached.

Relationships

Notes
(0000919) peter (administrator) 2008-02-15 22:02	should probably be done with -m hashlimit and maybe with different or ideally configurable limits for local zones/red

Issue History
Date Modified	Username	Field	Change
2008-02-15 21:32	jaebird	New Issue
2008-02-15 21:32	jaebird	Status	new => assigned
2008-02-15 21:32	jaebird	Assigned To	=> peter
2008-02-15 22:02	peter	Note Added: 0000919
2008-02-15 22:02	peter	Status	assigned => confirmed
2008-02-19 20:25	peter	Target Version	=> 2.3
2008-05-28 17:09	peter	Status	confirmed => resolved
2008-05-28 17:09	peter	Fixed in Version	=> 2.2
2008-05-28 17:09	peter	Resolution	open => fixed
2008-07-24 17:55	ra	Fixed in Version	2.2 => 2.2-rc2
2008-07-27 22:18	peter	Status	resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2008 Mantis Group