diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-06-09 11:52:55 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-06-09 11:52:55 +0000 |
| commit | 9796b4c5d217045c7eb610323a03be4562cf454f (patch) | |
| tree | 1de3db17ba8a50992582c60761956d4d73638b57 /etc | |
| parent | 41c330fcb15102716299f143d3b37c38737ae4fb (diff) | |
By default, don't accept IPv4 ICMP redirects. This behaviour can be
changed with a sysctl, so note it in sysctl.conf. v6 needs further
testing following discussions on the tech mailing list; rainer@ points
out possible interactions with neighbour discovery which need to be
investigated first.
"go ahead on the v4 part" deraadt@
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/sysctl.conf | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/sysctl.conf b/etc/sysctl.conf index c51f24c7adc..3a9a5679a4e 100644 --- a/etc/sysctl.conf +++ b/etc/sysctl.conf @@ -1,4 +1,4 @@ -# $OpenBSD: sysctl.conf,v 1.46 2008/01/05 18:38:37 mbalmer Exp $ +# $OpenBSD: sysctl.conf,v 1.47 2009/06/09 11:52:54 sthen Exp $ # # This file contains a list of sysctl options the user wants set at # boot time. See sysctl(3) and sysctl(8) for more information on @@ -7,6 +7,8 @@ #net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets #net.inet.ip.multipath=1 # 1=Enable IP multipath routing +#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects +#net.inet6.icmp6.rediraccept=0 # 0=Don't accept IPv6 ICMP redirects #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing |