You do get that the final effect of the change is that by default ALL FreeBSD boxes will be dropping ICMP REDIRECTS, both routers and end nodes.

I know first hand that this change WOULD break my network(s) in locations that have more than 1 router, as all of the interior hosts simply depend on an ICMP redirect to get them using the optimal router after they wrongly use the default router for a packet.

A quick check on Ubuntu 22.04 and Debian 12 indicates these are still accepted by default on those systems.

Again, this is gonna be one of those "bite someone in the ass" and you're actually not providing any real security to anyone by making this change.

If this is such a security issue, how come FREEFALL.freebsd.org still has:

    net.inet.icmp.drop_redirect: 0

Because it does not need to do that, because it is properly protected by routers and firewalls that do the dropping for them.

DOG food Dog FOOD DOG FOOD!!!

--
Rod Grimes rgrimes@freebsd.org