On Fri, Feb 20, 2015 at 7:27 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
>>
>> The truth, Gordon, is that after changing the firewall configuration
>> as described in the referred site, the issue was fixed.
>
>
> Yes, I understand that. But it sounds like GRE was allowed previously
> because it was "RELATED" to the pptp TCP connection before a kernel upgrade,
> but afterward it required a rule to allow it unconditionally (which is bad).
>
> I can't test that because I don't have any PPTP servers available, because
> PPTP is very bad security-wise.
>
> It would be useful to remove the rules that you added and verify that the
> PPTP connection fails. Then, boot an older kernel which was known to
> previously work and test the connection. If it works, then there's a kernel
> bug that should be reported.

Thanks, Gordon, for your reply. If the issue is caused by the kernel, cannot one speculate that it is deliberate, in order to increase security? As Rick has just suggested, one can restrict the GRE service to certain IPs, while allowing the GRE service globally would leave the computer less secure (as the older versions of kernels did, if your suspicion is correct).

Paul