Bug ID 760355: Firewall rule to block ICMP/DHCP from 'required' to 'default'

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3

Opened: Mar 04, 2019
Severity: 4-Minor

Symptoms

If firewall is configured on the management port with an ICMP rule, after upgrading to v14.1.x or later, the ICMP rule does not work.

Impact

ICMP packets cannot be blocked with a firewall rule to drop on management port. ICMP packets are allowed from the management port.

Conditions

-- Firewall is configured on the management port. -- Firewall is configured with an ICMP rule to block.

Workaround

Run the following commands after upgrading to v14.1.x or later from earlier versions. sbin # ./xtables-multi iptables -N inoue sbin # ./xtables-multi iptables -A inoue -i mgmt -p icmp --icmp-type 8 -s 172.28.4.32 -j DROP

Fix Information

None

Behavior Change