remove extraneous source quench rule
Bug #1558068 reported by hucste
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ufw | Fix Released | Low | Jamie Strandboge | |
Bug Description
In before.rules, there is this rule:
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
According to the IETF draft recommendation on ICMP filtering (2013-2014), source quench is deprecated and exploited for attacks.
(see: https:/
$ ufw --version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd
# Trusty
The Linux kernel was given CVE-2004-0791 for implementing source quench and looking at the kernel sources, I verified it silently ignores this, so the (ancient) rule does not pose a security issue, but it should be removed.
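
One way to audit a rules file for the rule discussed in this report, as an added example (not ufw's code and not the fix that was released): it lists, and can filter out, active `source-quench` ACCEPT rules, also matching the numeric ICMP type 4. The function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-restore style rules file (such as ufw's before.rules)
# for active ICMP source-quench rules. Helper names are hypothetical.

# Shared awk program: a rule counts when it is not commented out, is for
# protocol icmp (not icmpv6) and names type source-quench or its number, 4.
SQ_AWK='
function is_sq(line) {
    if (line ~ /^[ \t]*#/) return 0
    return (line ~ /-p[ \t]+icmp([ \t]|$)/ &&
            line ~ /--icmp-type[ \t]+(source-quench|4)([ \t]|\/|$)/)
}
mode == "find"  { if (is_sq($0)) printf "%d:%s\n", NR, $0 }
mode == "strip" { if (!is_sq($0)) print }
'

# Print "lineno:rule" for every active source-quench rule in file $1.
find_source_quench()  { awk -v mode=find  "$SQ_AWK" "$1"; }

# Print file $1 with the active source-quench rules left out.
strip_source_quench() { awk -v mode=strip "$SQ_AWK" "$1"; }

# Write a constructed excerpt (not a real before.rules) to file $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed excerpt in the style of ufw before.rules
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
# -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo: list the offending rules in the constructed sample.
sample=$(mktemp) && make_sample "$sample"
find_source_quench "$sample"
rm -f "$sample"
```

To check a live system, pass the real file instead of the sample, for example `find_source_quench /etc/ufw/before.rules`, and review the output of `strip_source_quench` before replacing anything.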