diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-06-09 11:52:55 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-06-09 11:52:55 +0000 |
| commit | 9796b4c5d217045c7eb610323a03be4562cf454f (patch) | |
| tree | 1de3db17ba8a50992582c60761956d4d73638b57 /sys/netinet | |
| parent | 41c330fcb15102716299f143d3b37c38737ae4fb (diff) | |
By default, don't accept IPv4 ICMP redirects. This behaviour can be
changed with a sysctl, so note it in sysctl.conf. v6 needs further
testing following discussions on the tech mailing list; rainer@ points
out possible interactions with neighbour discovery which need to be
investigated first.
"go ahead on the v4 part" deraadt@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_icmp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index c60ad936701..2b4847f20c9 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.83 2009/06/05 00:05:22 claudio Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.84 2009/06/09 11:52:54 sthen Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -113,7 +113,7 @@ int icmpprintfs = 0; int icmperrppslim = 100; int icmperrpps_count = 0; struct timeval icmperrppslim_last; -int icmp_rediraccept = 1; +int icmp_rediraccept = 0; int icmp_redirtimeout = 10 * 60; static struct rttimer_queue *icmp_redirect_timeout_q = NULL; struct icmpstat icmpstat; |