Date: Fri, 14 Jun 2024 08:49:27 -0400 From: Ed Maste <emaste@freebsd.org> To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> Cc: freebsd-net@freebsd.org Subject: Re: Discarding inbound ICMP REDIRECT by default Message-ID: <CAPyFy2B2LQyqJ%2BzQzjdHfxj57=_Y-28ZzLPPr-bRES_c2x8=bA@mail.gmail.com> In-Reply-To: <202406131801.45DI1MZu045631@gndrsh.dnsmgr.net> References: <CAPyFy2AqSzrwz3rHg68Soztkr2yGgVUJL4AEdP9HcBLfbMyZrA@mail.gmail.com> <202406131801.45DI1MZu045631@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Discarding ICMP redirects on a internet host is non-conformant with > > > STD-3 via rfc-1122. Processing of ICMP rediects is a MUST for hosts. > > > > In that case our default of "auto" is non-conformant if you have a > > routing daemon. > > NO, because then your not subject to rfc-1122 as your now a router, > not a host. I would argue that having IP forwarding enabled (i.e. net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a router, and ICMP REDIRECT messages are already dropped in kernel in that case.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2B2LQyqJ%2BzQzjdHfxj57=_Y-28ZzLPPr-bRES_c2x8=bA>