diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-03-23 13:40:43 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-03-23 13:40:43 +0000 |
| commit | 9fee07679b496b7653bf03ad2e560404c3e4673b (patch) | |
| tree | 389674bc5861daaecf18cf8e5d456aa1e6dfe09b | |
| parent | 8b9d29df07aae57aa0c4e71eb75da585cea7172a (diff) | |
Don't process ICMP6 redirects by default anymore. This is in line with
what we do for IPv4. rtsol will turn it back on if -F is used.
After discussion with bluhm@, fgsch@, sthen@ and deraadt@
OK sthen@
| -rw-r--r-- | sys/netinet6/in6_proto.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 7d40de9db8f..021172b0e1a 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_proto.c,v 1.60 2011/01/07 17:50:42 bluhm Exp $ */ +/* $OpenBSD: in6_proto.c,v 1.61 2011/03/23 13:40:42 claudio Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* @@ -310,7 +310,7 @@ u_long rip6_sendspace = RIPV6SNDQ; u_long rip6_recvspace = RIPV6RCVQ; /* ICMPV6 parameters */ -int icmp6_rediraccept = 1; /* accept and process redirects */ +int icmp6_rediraccept = 0; /* don't process redirects by default */ int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ int icmp6errppslim = 100; /* 100pps */ int icmp6_nodeinfo = 1; /* enable/disable NI response */ |