Bug ID 760355: Firewall rule to block ICMP/DHCP from 'required' to 'default'

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 15.0.0, 15.0.1, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2

Fixed In:
16.1.4, 15.1.9, 15.0.1.1, 14.1.2.1

Opened: Mar 04, 2019

Severity: 4-Minor

Symptoms

If a firewall is configured on the management port with an ICMP rule, the ICMP rule stops working after an upgrade to v14.1.x or later.

Impact

A firewall rule that drops ICMP on the management port has no effect, so ICMP packets are still allowed through the management port.

Conditions

-- Firewall is configured on the management port.
-- Firewall is configured with an ICMP rule to block.

Workaround

Run the following commands after upgrading to v14.1.x or later from earlier versions.

# /sbin/iptables -N id760355
# /sbin/iptables -I INPUT 1 -j id760355
# /sbin/iptables -A id760355 -i mgmt -p icmp --icmp-type 8 -s 172.28.4.32 -j DROP
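To confirm that the workaround is actually in effect, the added example below (not F5 code) parses `iptables -S` output and checks that the id760355 chain exists, that the jump to it is the first INPUT rule, and that the chain holds an ICMP DROP on mgmt. The function name `check_id760355` and the three sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F5 code): audit `iptables -S` output for the ID 760355 workaround.
# Live use, as root:  /sbin/iptables -S | check_id760355

check_id760355() {
    awk -v chain="id760355" '
        $1 == "-N" && $2 == chain { declared = 1 }
        # The workaround uses "-I INPUT 1", so the jump must be the first INPUT rule;
        # an earlier ACCEPT would match ICMP before the chain is ever consulted.
        $1 == "-A" && $2 == "INPUT" {
            if (++n_input == 1 && $0 == ("-A INPUT -j " chain)) first_jump = 1
        }
        $1 == "-A" && $2 == chain && / -i mgmt / && / -p icmp / && / -j DROP$/ { drop++ }
        END {
            if (!declared)   print "MISSING: chain " chain " is not defined"
            if (!first_jump) print "MISSING: INPUT rule 1 is not an unconditional jump to " chain
            if (!drop)       print "MISSING: no ICMP DROP rule on mgmt in " chain
            if (declared && first_jump && drop) { print "OK: " drop " ICMP drop rule(s) active"; exit 0 }
            exit 1
        }'
}

# Constructed samples in `iptables -S` format (not captured from a BIG-IP).
SAMPLE_APPLIED='-P INPUT ACCEPT
-N id760355
-A INPUT -j id760355
-A INPUT -i lo -j ACCEPT
-A id760355 -s 172.28.4.32/32 -i mgmt -p icmp -m icmp --icmp-type 8 -j DROP'

SAMPLE_MISSING='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT'

# Chain exists, but the jump sits behind an ICMP ACCEPT, so the DROP never fires.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-N id760355
-A INPUT -p icmp -j ACCEPT
-A INPUT -j id760355
-A id760355 -s 172.28.4.32/32 -i mgmt -p icmp -m icmp --icmp-type 8 -j DROP'

for s in "$SAMPLE_APPLIED" "$SAMPLE_MISSING" "$SAMPLE_SHADOWED"; do
    printf '%s\n' "$s" | check_id760355 || true
    echo "--"
done
```

The function exits 0 only when all three conditions hold, so it can be used as a post-upgrade check in a script.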

Fix Information

The ICMP firewall rule has been moved from f5-required to f5-default.

Behavior Change
